On Tuesday, iStockphoto experienced a phishing attack in its forums and through sitemail. This attack created a fake istockphoto.com login screen, prompted the user to enter a username and password, saved these to a malicious server and redirected the user back to the iStockphoto home page.
Phishing is the act of contacting Internet users by email with false claims of being a legitimate enterprise with which the user already has a relationship, in an attempt to scam the user into surrendering private information. Used for identity theft, such emails direct users to Web sites where they are asked to update personal information—username and password or credit card, social security and bank account numbers—that the legitimate company already has. The Web sites that collect the information are bogus, set up only to steal users’ information.
iStock detected this attempted breach within minutes and implemented its security protocol. Because iStock managers were not sure how far-reaching the attack was, they took the site down to eliminate further exposure.
iStock does not store any credit card information, so no financial information was breached. As a precaution, iStock recommends that users reset their passwords on istockphoto.com and on any other sites where the same passwords were used.
Visit the iStock forum for additional discussion on this topic.