-advertisement -

Phishing e-mails getting more sophisticated, targeted

What it is: Phishing e-mails are never going to go away, says David Marcus, security research and communications manager for McAfee Avert Labs. "They only need to be less than 1 percent successful to make any money."

If you've never received a phishing e-mail don't consider yourself lucky yet. While the actual volume of phishing attacks has gone down, the number of unique phishing attacks has gone up, according to David Cole of Symantec. Why? Scammers are targeting e-mail address lists, which means fewer e-mails sent per attack and a lower chance of detection for the scammer.

If you do get one, don't click on any links therein. Even if you realize that survey you're filling out for $100 at your bank's Web site is a fake before you hit the send button, fraudsters are going to try to sneak malware onto your computer, says Cole. "They're going to try and get something on your machine and steal your identity." There's simply a lot of money behind this scheme, he says.

Phishing e-mails spoof the e-mails from banks, eBay or any other company with which consumers may have an account.
In this example, the scammer urges recipients to validate their bank accounts with HSBC -- ironically, to protect against cybercriminals who are actively trying to con banks and their customers. Phishing e-mails sometimes warn against phishing to win recipients' trust.

Phishing attacks that target bank names typically focus on banks that have not implemented two-factor authentication, which makes use of information that the user knows, such as a password, and information that the user has, such as token-generated code. However, those whose banks use two-factor authentication should still be aware of phishing e-mails. Phishers have created Trojans that will sit on the user's computer until the user visits a banking Web site and gets authenticated. Then the Trojan will steal the session. Paul Wood of MessageLabs, says this type of attack is not very prevalent at the moment but is something to watch in 2007 as more banks start using two-factor authentication.

What you can do: "Don't click on anything in e-mails," says David Perry, the global director of education for Trend Micro.

If you get a worrisome message from your bank, call them using the number on a card or recent statement.

Always sign in using bookmarked Web pages or type the URL in yourself. Never sign in using a link provided in an e-mail.

Learn more about phishing e-mails by reading the Bankrate feature "Scammers still phishing."

You can report phishing e-mails to the Federal Trade Commission at spam@uce.gov.

6 types of Internet scams on the prowl:
Attacks using Web 2.0 sites will increase.
Malware will spread through instant messaging.
Volume of image spam will rise.
Phishing e-mails getting more sophisticated, targeted.
Botnets will grow in popularity among cybercriminals.
Phone threats will soon strike.
Bankrate.com's corrections policy
-- Posted: Feb. 22, 2007
Create a news alert for "saving"
14 must-know terms to protect computer
10 ways to thwart cybercriminals
Wipe hard drive clean or risk ID theft
Video: 5 myths about going green
5 myths about going green
Video: Ways to keep produce fresh

Compare Rates
30 yr fixed mtg 4.45%
48 month new car loan 3.77%
1 yr CD 0.89%
Rates may include points
  How much life insurance do I need?  
  Calculate your payment on any loan  
  What will it take to save for a goal?  
Begin with personal finance fundamentals:
Auto Loans
Credit Cards
Debt Consolidation
Home Equity
Student Loans
Rev up your portfolio
with these tips and tricks.
- advertisement -