Wednesday, November 24, 2004


Automated phishing and other techniques are on the rise. Typically, I saw these phishing scams as lame that preyed upon the neophyte surfers and email users since their scams requesting for information seemed generated from my old Apple IIe or written by a high school kid. This past month I got one that seemed to be from PayPal requesting me to update my information due to numerous visits from a foreign IP address. The email showed to be sent from "," and I had to double-check with PayPal since it almost seemed convincing. It was a phishing scam that was pretty good.

Fraudsters are achieving higher levels of automation for phishing scams, using software tools and botnets to increase the reach of their work, according to the Anti-Phishing Working Group.

Security experts from the APWG have witnessed massive increases in the number of phishing Web sites, which they say suggests scammers are improving their techniques.
(full article)

More from Vikram Desai:

Phishing crooks aren't staying still--they're getting smarter.

Phishing is a technique used by hackers in which spammed e-mail draws you to a phony Web site that looks amazingly like that of a trusted institution such as your bank. Once there, victims unwittingly disclose personal financial information that the phisher uses to defraud the e-business and conduct identity fraud and theft. Because of well-publicized phishing attacks, most people are now sensitized to these scams.

There is now an even scarier development on the phishing horizon--one in which e-businesses may become unwitting accomplices, because it is difficult for even the most savvy of Web users to detect. "Blended phishing" attacks employ a trusted organization's legitimate site, rather than a mock site and a fake URL address. The result is that even the most cautious users are unlikely to recognize the bogus link as a threat. (full article)

No comments: