'Phishing' scams luring more users
Security firm MessageLabs says the number of e-mails that use the deceptive tactic has increased from 279 per month to 215,643 over the past six months.
Phishing is an Internet scam in which unsuspecting users receive official-looking e-mails that attempt to fool them into disclosing online passwords, user names and other personal information. Victims are usually persuaded to click on a link that directs them to a doctored version of an organization's Web site.
 | ||||
| | | ||
| Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| ||||
| ||||
The Anti-Phishing Working Group (APWG), which was formed in November 2003 to provide a forum for financial institutions to share information about new phishing campaigns, recently warned its members about an attack that can modify the victim's browser by replacing the address bar with a Java applet. This allows the attacker to take the victim to any Web site but display the address of an official Web site in the browser's window, increasing the chances of fooling people.
According to the APWG's Web site, the new attack targeted Citibank customers at the end of March. "This sophisticated new attack automatically detects the consumer's browser and applies a custom JavaScript that replaces the look and feel of the Web address bar with an appropriately designed working fake. You can even type in the bank's Web address directly into the fake address bar--this is a live piece of JavaScript code, not a static fake address bar image," the organization said.
Munir Kotadia of ZDNet UK reported from London.