This week in phishing

Spammers and phishers are learning more about potential victims to better hone their attacks.

Steven Musil Night Editor / News

Web sites that use e-mail addresses as identifiers for password reminders and registration are open to exploitation by scammers that want to generate detailed profiles of people, security company Blue Security said in a research report.

With the technique described in the report, spammers and phishers automatically run thousands of e-mail addresses through Web site registration and password-reminder tools. Because many online businesses return a specific message when an e-mail address is registered with the site, attackers can find out whether that address represents a valid customer.

Using information gathered from a number of sites, attackers can tailor malicious e-mail messages for individual recipients. That makes it more difficult for Internet users to distinguish real messages from those that are junk or part of a cyberscam. Also, customized messages are less likely to be caught by spam filters, experts said.
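The password-reminder behavior described above, shown next to a hardened form, as an added example that is not from the article or from Blue Security's report. The address set, the reply strings, the per-client cap of five addresses and all function and class names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: addresses registered with a hypothetical site.
REGISTERED = {"alice@example.com", "bob@example.com"}

UNIFORM_REPLY = "If that address has an account, a reminder has been sent."
MAX_DISTINCT_ADDRESSES = 5  # assumed per-client budget of distinct addresses


def leaky_reminder(email):
    """'Before' form: the reply differs by registration state."""
    if email.strip().lower() in REGISTERED:
        return "A password reminder has been sent."
    return "No account is registered with that address."


class ReminderService:
    """Hardened form: one reply for every address, plus a per-client cap."""

    def __init__(self):
        self.outbox = []               # reminders actually queued for delivery
        self._seen = defaultdict(set)  # client id -> distinct addresses tried

    def request_reminder(self, client_id, email):
        email = email.strip().lower()
        tried = self._seen[client_id]
        tried.add(email)
        # Over budget: queue nothing, but keep the reply identical so the
        # cap itself does not reveal anything about the address.
        if len(tried) <= MAX_DISTINCT_ADDRESSES and email in REGISTERED:
            self.outbox.append(email)  # outcome reaches only the mailbox owner
        return UNIFORM_REPLY


def distinguishable(handler, emails):
    """True if the handler's replies differ across the given addresses."""
    return len({handler(e) for e in emails}) > 1
```

The same uniform reply has to apply to the registration form, and the response time should not depend on whether the address exists, which is why delivery is queued rather than performed inline.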

As Internet scams proliferate, Bank of America is launching a double-edged system it says will better protect its online banking customers against phishing and spyware. The new service, SiteKey, is designed to let people know when they are on an authentic Bank of America site. It will also verify the identity of the customer.

When people register for SiteKey, they pick an image from a list and type in their own phrase to be associated with their account. When they enter their login name and hit the SiteKey button on the Bank of America site, that same image and phrase are displayed in response, said Sanjay Gupta, an electronic commerce executive at the bank. This verifies that the user is in fact on the real Bank of America Web site, he said.

Firefox users are getting extra protection from Internet service company Netcraft, which has released a version of its toolbar to help users of the Web browser avoid phishing scams. The Netcraft toolbar blocks phishing Web sites that have been reported by other users. A version of the plug-in for Microsoft's Internet Explorer browser has been available since December.

The Netcraft toolbar includes other features, too, to help people stay more security-aware when surfing. For example, it includes a risk rating for Web sites, as well as information about the popularity of a site and the country in which the site is hosted, according to the Netcraft site.