I was reading the latest issue of PC Magazine today and saw a headline that shocked me:
E-Mail Scam Dupes Linux Users
So while at first I thought PC Magazine had made a liar out of me (since in my previous post I said that most Linux users are more technically inclined that the average Windows users and therefore less likely to be duped), after reading the accompanying article I decided that sensationalist journalism is definitely out of hand. A more approriate headline would have been:
E-Mail Scam Targets Linux Users
As it turns out, the scam was an email that claimed to be from "Red Hat Security Team" and provided a download URL for a security patch that was supposed to fix several vulnerabilities. The download link was at fedora-redhat.com rather than the legitimate site fedora.redhat.com. This scam is clearly patterned off of the many such scams targeted towards Windows users.
What the article failed to include, however, was that anyone had actually been scammed, what the "patch" actually does, etc, or the fact that about 36 hours after the vulnerability was made public, the download site was gone. Nor does it mention that the email used poor English and, unless you fell off the watermelon truck yesterday, wasn't something that you would think to be legitimate. Bottom line: the scam wasn't really a scam.
Could such a scam affect Linux and Linux users if it were professionaly done? Quite possibly. But let's save the sensational headlines for when there's actually some damage. In the meantime, of course, everyone should use caution, regardless of their operating system: it is clear that no system is going to be safe for long as the scammers get more and more clever.