Phishing attacks, where attempts are made to get users to divulge personal information by visiting spoofed web sites, are getting more sophisticated, according to Mark Sunner of MessageLabs who talked to IT Week.
Spyware inadvertently downloaded, often thanks to enticing emails for free software and other ‘goodies’, is now collecting personal information about the victim from their own PC and using it to launch a more personalised, and thus convincing, attack.
So, whereas before you’d get emails supposedly from some bank you’d never heard of telling you that you needed to enter your account details at their spoofed website, now you might actually get email looking like it’s come from your bank.
And potentially more worrying is that spyware and viruses could be used to track the keypresses you use to log in to your online banking system, then send those over the Internet to the fraudster.
Criminals may also be looking to the convergence of instant messaging
clients, and social networking sites like MySpace, as new ways to get
users’ personal information.
In other news, Google has launched a search engine specifically for
finding the source of viruses. Users can enter the name of a virus or
malware and the engine then searches the Net to track it down. Though
it’s designed to reduce online security attacks, I’m not quite sure
which users are going to use this.
More reasons (like you need them) to keep security software up-to-date,
and also understand what communications policy your bank and other
financial institutions have (most say they’ll never ask for your
personal information by email)
Phishers snare victims in customised nets
New search engine to find viruses