Gone Phishing
The NOD32 virus-radar project (http://www.virus-radar.com) was originally conceived to report on viruses that are contained in email, but in the year that the system has been running, its usefulness has proven to be far wider.
Over the last two years or so, there has been a huge increase in so-called phishing scams. Phishing scams usually take the form of a counterfeit email message, mass-mailed by criminal hackers, purporting to be from the recipient's bank. These scams try to deceive recipients into disclosing credit card numbers, bank account information and various personal details. The email messages are often very professional, and really look as if they came from a bank, financial institution or an ISP. Usually they demand that recipients click on a supplied link, and the text in the message often urges or threatens users to carry out the requested action. Often this is under the pretext that there has been a problem with their account and that, for security reasons, the email recipient must follow the procedure to make sure their internet banking continues to operate correctly. After clicking the link, the targets are sent to a fraudulent site, which looks just like the institution's web site, and are asked for sensitive information. These scams rely on tricking the recipient - using techniques sometimes called "social engineering" - into opening the link and supplying the requested details.
There is a large variety of these scams, imitating various banks and institutions. The groups behind the "phish" then make a profit from the information submitted by the people they managed to trick.
Although these emails are not traditional malware - for instance, there is not normally any enclosed attachment containing a virus - Eset's NOD32 antivirus system has the ability to detect such scams. Because of this, virus-radar will often show when a specific type of fraud is particularly prevalent. Recently, two such fraudulent emails have hit the top ten malware detected by virus-radar (Figure 1). It's a crime that is clearly successful, as the incidence of new phishing scams is still on the rise.
The best way to avoid such scams is to make sure you start a fresh browser session when logging on to your internet bank, and never follow links to it from emails. Your bank will never ask you by email for details such as passwords.
You can keep an eye on the latest malware at http://www.virus-radar.com