Phishing schemes still causing problems | SummitDaily.com

CLICK AND HACK
Special to the Daily

During the middle of last year, we wrote about the threat of phishing schemes, where bad guys send e-mails to unsuspecting recipients falsely claiming to be legitimate companies in an attempt to trick the reader into visiting a bogus website. Once there, they’re asked to provide Social Security numbers, credit card numbers or bank account information that can be used in identity theft. Until recently, the growth of the schemes has averaged 26 percent per month, according to the Anti-Phishing Working Group, though growth is slowing.

Having written about this subject in the past, I should’ve known better when I received a particularly clever phishing e-mail. The e-mail supposedly came from PayPal and warned that my account would be suspended if I didn’t update my credit card expiration date. What made the e-mail so compelling was that it included the last four digits of my credit card. Furthermore, this credit card was indeed about to expire. Knowing this, I decided I had better take action and visit PayPal to update the information. Out of caution, I guess, I logged into the PayPal site directly instead of clicking through the link. I looked for my credit card information and realized that I had never even put my card on file with PayPal!

While I avoided being duped, I still found the e-mail compelling enough to spur me to action. Scary. Given the growing sophistication of these schemes, we felt it was time for an update on the threats.

Schemes become more sophisticated

Phishing schemes have become far more sophisticated and difficult to spot, and experts fear that future attacks could be so well-executed that users could unknowingly end up on a bogus site and have no easy way of even discovering they’ve done so.

Several phishing offshoots illustrating this threat have sprung up recently, including instant messaging-based schemes, “pharming” and cross-site scripting.

– Cnet reported that Yahoo! Instant Messenger users were recently targeted with messages (appearing to come from someone on their buddy list) asking them to give their Yahoo ID and password on a fake Yahoo! website.

– Pharming. You’ve been “pharmed” when, from a legitimate site, you’re redirected to a malicious, often identical-looking site where you’re asked to provide sensitive information or where the server attempts to download spyware. Pharming can be even more insidious than phishing since you may not even know that you’ve been redirected to a threatening site.

– Cross-site scripting. This form of identity theft occurs when bad guys use JavaScript to put their content on top of legitimate pages, commonly the websites of banks. Quite often, the thieves insert a fake customer login box designed to harvest password data used with the legitimate site.

If there is one thing you should always remember, it’s never to give personal information when prompted by e-mail, or even when landing on a site you’re familiar with. Always initiate the process yourself from a “fresh browser page” and by visiting a site directly. For more complete information on how to avoid getting hooked, check out http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm. Microsoft also offers great information on all these threats at http://www.microsoft.com/athome/security/privacy/default.mspx.

You can also e-mail clickandhack@friscocomputerstore.com.