|
|
 |
|
|
Pages: 1
More dangerous types of Phishing attacks emerging
(Click here to view the original thread with full colors/images)
Posted by: Ion Silverbolt
Informationweek.com has some news about a new type of Phishing attack that can even nail you if you know it's not legit.
One new type of phishing attack is particularly hard to identify. The technique can result in stolen personal data even if the recipient of the fraudulent e-mail is not fooled by it. When a bank customer simply opens the e-mail, a program attached to the e-mail by the phisher silently runs a script - even if the customer deletes the message without clicking on any embedded links. When that customer attempts to visit his or her bank's legitimate Web site - during that session or a future session - the malicious code redirects the person being phished to a fraudulent Web site.
Even a savvy Web-banking customer is vulnerable to this type of attack. Banks are educating customers on how to identify a fraudulent e-mail, but financial institutions can't do much to protect clients from simply opening fraudulent e-mail, according to Alex Shipp, senior antivirus technologist, MessageLabs (New York), a provider of e-mail security services. "It is difficult because banks don't own their clients' computers," Shipp says. "They can't do much to protect customers, but what they can do is, as soon as they learn about these sites, they can take them down," he continues. "It's more of a reactive thing; there is not much they can do proactively."
|
|
|
|
|
