Digital Criminals Hone Their Phishing Skills

Phishing e-mail was distributed in Kyiv, Ukraine. It targeted unwary people and lured them to update (and thereby divulge) their account info at a link provided, to comply with recent update of servers.

Security expert Ron O'Brien, a senior analyst at Sophos operates a major spam lab in Vancouver. He warns that phishers were getting better and better in their tactics and had almost reached a point where they are now creating seemingly trustworthy websites. He added that these phishers have mastered an unbelievable standard of creativity making incredible graphic designs that are almost identical copies of the associated websites. They were even delivering cleverly crafted original e-mails meant to extract account numbers and passwords from innocent people.

Phishing normally involves sending e-mails under the pretext of official mails from a known financial institution like BoA, or more commonly from PayPal. Most of the time the e-mail contains a strong warning that the recipient should log into his account to prevent it from getting cancelled. It could also ask to login in order to rectify a possible security risk linked to the recipient's funds. The mail asserts that the login with ID and password must be done with the links provided in the e-mail.

The moment one enters his ID and password it reveals them on the crooks' systems that then steals the credentials and clean up the user's real accounts. The criminals send these e-mails in huge numbers so that at least a small percentage of the recipients trading with the said financial institution falls victim. This is called fishing for information.

O'Brien comments that the degree of complexity of phishing attacks is increasing rapidly, so much so that even institutions and enterprises, which feel that they have sufficient security systems are beginning to realize that they are still short of protection. Thus complacency will invoke disaster. No business company should take their security measures for granted or settled forever.

Federal authorities have taken initiatives in 'digital gumshoeing'. However, they are more used to tracking bank robbers than cyber thieves. Hunting high-tech online criminals requires advanced training and a new approach to fight their activities.

Related article: Digital Certificate Flaw Leads to Unrecognizable Phishing Attacks

» SPAMfighter News - 9/12/2006