Phishing has new hook

Fraudsters have developed a new way of stealing passwords for online banking accounts, warns security firm MessageLabs.

  • E-Mail
By  Simon Duddy Published  November 8, 2004

MessageLabs has identified a new phishing technique designed to capture online banking logon and account information that does not require users to click on a website link. When the recipient of the attacking e-mail opens the message a script is run that attempts to rewrite host files of the user's computer. When the user then attempts to access a bank account online he or she will be redirected to a fraudulent web site, which then captures the logon information. To date MessageLabs has intercepted some copies of e-mails that target some Brazilian banks, but is fearful that the technique will prove successful. At that point analysts there expect that phishing attacks will begin using this more advanced method of capturing identity information. Users who have disabled Windows Scripting are not at risk from this new type of phishing attack. "As ever, a combination of user education and the necessary levels of technology-based protection are essential to defend against computer fraud," says Alex Shipp, a senior technologist at MessageLabs.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code