Phishers Execute Personalized Attacks

Security researchers report that in a new phishing operation, scammers are concentrating on assaults that are more personalized.

Samir Patil, Threat Analyst, Symantec, said by using the new tactic, spammers were slightly tweaking the phishing e-mail to make it appear more personal. Accordingly, the e-mail addressed the recipient using his proper name, as reported by Vnboards.ign on May 27, 2010.

In one particular instance of the above kind of phishing e-mail sent by a person named Jen Ward to another person Mr. John, the message begins by enquiring John's well-being and then swearing that he saw him at Starbucks.

Thereafter, the fake phishing e-mail offers the reader some photos. But on clicking that shortened web-link, the user lands on offensive websites and at times even gets his bank account charged.

The security researchers note that scammers may employ genuine link-condensing/shortening facilities such as tiny.url or bit.ly (used in John's case) to get the malicious web-link camouflaged. During the process, the real destination of the link is reportedly concealed. The researchers give a reason that it isn't in fact necessary to condense a web-link inside an e-mail.

Given the fact that these personalized scam e-mails are highly malicious, security researchers state that phishing attempts can be best avoided if nothing is clicked on except when a user is completely sure about the veracity of a particular link. Users should always manually enter the website's URL intended for visiting into the address bar of their browser to gain the access.

Additionally, they should make sure that their anti-spy and anti-virus programs are up-to-date on their PCs since condensed URLs may open up nefarious websites which may load malicious software on their systems. Further, these programs should be regularly updated so that users become aware whenever their computers' safety becomes endangered or compromised.

If in trouble, users suspecting an exploitation of personal information should inform appropriate officials so that the phishing criminal be tracked down and duly punished. Finally, users should regularly review their bank and credit card statements to check if any unauthorized withdrawal may've occurred.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 6/5/2010