Thursday, December 08, 2005

Latest phishing scams

Globetechnology reported More than two-thirds of Americans who received messages attempting to steal their identities believed the e-mail came from legitimate institutions, a study by America Online says. The practice, known as phishing, tries to trick recipients into disclosing sensitive data such as credit-card numbers and passwords by masquerading as alerts from financial institutions. The attempts affect about 23 per cent of Americans each month.

I get several of these each month. I have published several articles about them (some I wrote, some by others), including here, here, here, and here.
The study — the second annual AOL-National Cyber Security Alliance On-line Safety Study — also said that 81 per cent of its respondents lack at least one of the three protections — updated computer virus software, spyware protection and a firewall — to guard against viruses, spyware, hackers and other threats.

The study involved sending technical experts into hundreds of typical homes to examine personal computers for known security risks and threats. Underlining the growing risk of phishing attacks, 18 per cent of those taking part in the study said a friend or family member had already been victimized by an on-line identity theft scam. Worse, only 42 per cent were familiar with the term "phishing" and, of those, just 57 per cent could define it properly.
Do you know the term, and do you know what it means?
"Phishers are getting better at tricking consumers into revealing their bank account and financial information, and most Americans can't tell the difference between real e-mails and the growing flood of scams that lead to fraud and identity theft." AOL chief trust officer Tatiana Platt said in a statement.

More than half (56 per cent) of the participants either had no anti-virus protection or had not updated it within the previous week, the study found. Almost half — 44 per cent — did not have a properly configured firewall, and 38 per cent lacked spyware protection.
I have all three. What about you?
Despite these findings, 83 per cent of users believed that they were still safe from on-line threats.


Information Week reported Next Sober Attack Slated For Jan. 5 - The next big Sober worm attack is scheduled to take place January 5, 2006, a date probably picked because it's the 87th anniversary of the founding of a precursor to the Nazi Party, a security firm said Wednesday. January 5, 2006, was the date embedded in the most recent Sober variants, said Ken Dunham, a senior engineer with Reston, Va.-based VeriSign iDefense, a security intelligence firm. "We did reverse engineering on the variants, and found this date in the code," said Dunham. "The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version."

No comments: