Phishing e-mails getting more sophisticated, targeted
By Leslie McFadden
Bankrate.com

What it is: Phishing e-mails are never going to go away, says David Marcus, security research and communications manager for McAfee Avert Labs. "They only need to be less than 1 percent successful to make any money."

If you've never received a phishing e-mail, don't consider yourself lucky yet. While the actual volume of phishing attacks has gone down, the number of unique phishing attacks has gone up, according to David Cole of Symantec. Why? Scammers are targeting e-mail address lists, which means fewer e-mails sent per attack and a lower chance of detection for the scammer.

If you do get one, don't click on any links therein. Even if you realize that survey you're filling out for $100 at your bank's Web site is a fake before you hit the send button, fraudsters are going to try to sneak malware onto your computer, says Cole. "They're going to try and get something on your machine and steal your identity." There's simply a lot of money behind this scheme, he says.

Phishing

Phishing e-mails spoof the e-mails from banks, eBay or any other company with which consumers may have an account.

In this example, the scammer urges recipients to validate their bank accounts with HSBC -- ironically, to protect against cybercriminals who are actively trying to con banks and their customers. Phishing e-mails sometimes warn against phishing to win recipients' trust.

Image courtesy of Sophos Plc.

Phishing attacks that target bank names typically focus on banks that have not implemented two-factor authentication, which makes use of information that the user knows, such as a password, and information that the user has, such as a token-generated code.

However, those whose banks use two-factor authentication should still be aware of phishing e-mails. Phishers have created Trojans that will sit on the user's computer until the user visits a banking Web site and gets authenticated. Then the Trojan will steal the session. Paul Wood of MessageLabs says this type of attack is not very prevalent at the moment but is something to watch in 2007 as more banks start using two-factor authentication.

What you can do: "Don't click on anything in e-mails," says David Perry, the global director of education for Trend Micro. If you get a worrisome message from your bank, call them using the number on a card or recent statement. Always sign in using bookmarked Web pages or type the URL in yourself. Never sign in using a link provided in an e-mail. Learn more about phishing e-mails by reading the Bankrate feature "Scammers still phishing." You can report phishing e-mails to the Federal Trade Commission at spam@uce.gov.