Attention Sony: Cyber-criminals are using one of your servers to run a phishing site.
Criminals had set up a phishing site imitating an Italian credit card company on a domain belonging to Sony Thailand, F-Secure researchers discovered. Users are encouraged to enter in all of their personal data to apply for a new credit card, which they would never receive.
“We know you’re not supposed to kick somebody when they’re already down…but we just found a live phishing site on one of Sony’s servers,” the F-Secure team posted on its News from the Lab blog on May 20.
Google’s Chrome browser warned users trying to get to the hdworld site that it was a reported phishing site. F-Secure warned Sony, and the phishing page is currently offline. The rest of the Sony Thailand site appears unaffected.
There are also unconfirmed reports of a phishing scam masquerading as fake PlayStation Network password reset emails. Sony is not out of the woods yet as it tries to address multiple security holes in its network being uncovered almost daily.