The phisher's new hook
Published May 21, 2008
Over time the fish (that's us) get smarter and so the catch goes down - then it's time to beef up the tackle...
Phishing is using emails to entice you to part with vital signin information by directing you to a bogus website - maybe one that looks just like your bank. OK, so you knew that and you knew, too, that you should be wary of such emails and that your bank or building society will never ask you for this information.
The message is getting through and snaring unwary surfers is harder than when phishing began but emails are not the only way of getting this information and there is something much more sinister lurking in the still, deep water.
Trojans are tiny computer programs that, like all programs, need to get onto your computer to work. They come in various forms but the ones we are interested in are the trojans that sit and wait until you enter an address that they recognise and then they wake and perform the two tasks they were created for.
First they copy the username and password you use and then they send this over the internet
First they copy the username and password you use and then they send this over the internet to whoever is waiting patiently at the other end for their reply. Generally the websites they want are banks or other financial institutions and the person at the other end is a phisher.
The trojan can arrive in an email message attachment and it needs you to run the attachment before it will be activated. Obviously, the attachment won't be called 'BlogsBankTrojan.exe' but often arrives as an unrequested screensaver or a humorous or similar 'joke' file that tries to make you want to open it.
Here the moral is clear - don't open attachments in emails unless you are very sure you know in advance what they are. But trojans can arrive in other ways, too.
A website can also contain a trojan which will infect your computer just by looking at it. If this seems like magic, remember that your computer downloads the content of the site - that is all the content - to your computer to allow your browser to interpret it and show it to you. Running scripts on your computer at the same time to install trojans is not hard.
And so the new phishing threat (you have probably guessed it already) is to add trojans to the phishing email or the bogus website in a double-barbed attempt to hook your private financial data.
Being aware of how this works is half the battle but you should also consider these tips:
- Don't even read emails unless you are totally sure you know who sent them
- Never, ever, open attachments unless you are really sure you know what they are
- Type in urls for financial institutions (or copy and paste from a list you keep)
- Keep your antivirus well up to date and make sure it's a good antivirus
- Stay alert and if it looks suspicious - delete it!
Don't have nightmares - as they say - but be careful and stay safe!
More from Security Online
A recent survey has amazingly discovered that we often deliberately lay ourselves open to a virus attack. We examine some of the issues and suggest an alternative approach to online security
Imagine a virus attack, hardware malfunction or theft that results in losing the entire content of your hard disk. It can be one of the worst and most traumatic things that can happen so start now and protect yourself by storing your data in the cloud
It happens to us all at some time - we get caught! Find out what to do if it happens to you and how to tell if that email you just got is a phishing email or not
Phishers are getting cleverer, hooks are getting sharper but are you able to defend yourself? Get the lowdown on the next threat and be prepared!
You've heard all about Peer-to-Peer file sharing but exactly what is it and, more importantly, what are the risks involved?
This is an old program but is it just as effective today as it was when it first appeared? We try it out and give you the results.
Add a Comment
Please be civil.