The phishing scams get more sophisticated, cold-blooded
December 4, 2004
You no longer have to receive a "phished" email to get defrauded; an unsuccessful Internet search attempt would suffice.
Phishers are setting up fraudulent e-commerce Web sites and simply waiting for victims using Google and other search engines to find them, a security company has warned.
Commonly, phishing scammers have lured their victims to fraudulent Web sites by sending official-looking e-mails, similar to ones that come from well-known companies, asking users to 'verify' their user names and passwords. If users take this bait, their online accounts are surrendered, letting fraudsters take any action, including withdrawing all the funds in them. Now many cyber crooks are setting up legitimate-looking e-commerce sites that disguise links to malicious parts of websites as pictures of goods traded, according to CyberGuard.
Paul Henry, a senior vice president of CyberGuard, said that when Web shoppers search the Internet looking for products they want to buy, they could be directed to a decent-looking e-commerce site that instructs them to "Click here to download images" of the product. He went on to say that "instead of linking to pictures of the advertised product, the links point to a self-extracting ZIP file that installs a Trojan horse on the victim's computer. The program could then steal personal and financial information."
"If it looks too good to be true, it probably is. Don't let the Grinch steal your Christmas," said Paul.
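A defender's check for the lure Henry describes, as an added example that is not part of the original article: it scans a page's HTML and flags links that are labelled as, or wrapped around, product images but whose target is an executable file. The extension list, the names `LinkAuditor` and `audit`, and the sample markup are constructed for illustration.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed list: program extensions (a self-extracting ZIP is typically .exe).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}
IMAGE_WORDS = re.compile(r"\b(images?|pictures?|photos?)\b", re.I)

class LinkAuditor(HTMLParser):
    """Flags <a> elements that promise pictures but point at a program."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.has_img = None, [], False
        self.findings = []  # (visible label, href) pairs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.href, self.text, self.has_img = attrs["href"], [], False
        elif tag == "img" and self.href is not None:
            self.has_img = True  # a thumbnail used as the clickable label
            self.text.append(attrs.get("alt") or "")

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        label = " ".join(" ".join(self.text).split())
        ext = posixpath.splitext(urlparse(self.href).path.lower())[1]
        looks_like_image = self.has_img or IMAGE_WORDS.search(label)
        if looks_like_image and ext in EXECUTABLE_EXT:
            self.findings.append((label, self.href))
        self.href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup; hosts and paths are placeholders.
SAMPLE = """
<a href="/img/widget-large.jpg">View larger image</a>
<a href="http://shop.example/files/product_images.exe">Click here to download images</a>
<a href="/dl/gallery.EXE?id=7"><img src="/thumb/7.jpg" alt=""></a>
<a href="/tools/setup.exe">Download installer</a>
"""
```

Calling `audit(SAMPLE)` returns the second and third links only: the genuine image link and the honestly labelled installer are left alone.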
According to information made available last week by the Anti-Phishing Working Group (APWG), a phishing toolkit that could help create and automate phishing attacks was being distributed on the Internet.
At the beginning of November, MessageLabs, a security company that strives for the circulation of secure and authentic e-mail, warned of a new phishing method that did not require a user to open an e-mail attachment or click a link contained in an e-mail's body to be affected.
MessageLabs said it had discovered some malicious e-mails that, when viewed, could run a script that manipulated certain files on the victim's computer. The next time that computer attempted to log on to a legitimate banking site, it would automatically be redirected to a fraudulent Web site.
Be careful when you receive a suspected phishing e-mail! Never react to it by immediately giving out your account credentials! Contact the purported sender through an email address, business address, or, preferably, a phone number that is already known to you (not one contained in the text of that message!). To find contact information, check previous correspondence with this entity, or use any credible business directory or yellow pages service.
As for Internet safety in general, be sure to use up-to-date antivirus software with the latest security definitions loaded, never open suspicious attachments in emails, and put yourself behind the protective barrier offered by a credible personal firewall.