Phishers’ Bait Draws in Victims

Wednesday, September 7, 2011 @ 12:09 PM gHale

Phishers are turning it up a notch with new ways to lure victims into their nets.

The latest phishing scheme posed as a software company offering considerable discounts on its products, Symantec researchers said. Users were sent to a page that asked for all their personal information, including credit card details, which the attackers could later use to gain control of the person’s financial records.

The draw was an 80 percent savings advertised on the website’s main page.

The catch was that the page containing the offers sat on a newly registered domain that ranked high in most of the popular search engines. It earned the high rankings by using keywords in the domain name that are very common in related searches.

The attackers also made fake trust seals, which bought them a whole lot of credibility. End users tend to trust security seals because they normally represent the approval of a third-party security company that confirms the legitimacy of the website.

The seals seemed legit because of some sub-domain randomization techniques used by the phishers.

The best way to protect yourself against these threats is by being cautious. Also, here is some general advice on how to avoid phishing attacks:
• Never click on suspicious links contained in email or instant messages;
• When you check the security seal of a website, make sure the URL of the seal’s verification window is a secure HTTPS address;
• Never enter private information in pop-up pages;
• Always keep your security software up to date.
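
The seal check from the list above can be automated. This is an added example, not code from the article or from Symantec. It goes beyond the HTTPS test by also checking who owns the host, since a fake seal can sit on a randomized sub-domain. The vendor host `seal-vendor.example` and all sample URLs are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: hosts the seal vendor really serves verification pages from.
# "seal-vendor.example" is a constructed placeholder, not a real provider.
TRUSTED_SEAL_HOSTS = {"seal-vendor.example"}


def check_seal_url(url, trusted_hosts=TRUSTED_SEAL_HOSTS):
    """Return a list of problems with a seal verification URL (empty = passes)."""
    problems = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme.lower() != "https":
        problems.append("not-https")
    if not host:
        return problems + ["no-host"]
    if parts.username is not None or parts.password is not None:
        # Text before "@" is user info; the browser connects to what follows it.
        problems.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Internationalized labels can render as look-alike characters.
        problems.append("punycode-label")

    trusted = any(host == t or host.endswith("." + t) for t in trusted_hosts)
    if not trusted:
        problems.append("untrusted-host")
        # Vendor name used as leading labels of someone else's domain:
        # the name is present, the ownership is not.
        if any(host.startswith(t + ".") or ("." + t + ".") in host
               for t in trusted_hosts):
            problems.append("vendor-name-used-as-subdomain")
    return problems


# Constructed sample URLs for illustration only.
SAMPLES = [
    "https://seal-vendor.example/verify?site=shop.example",
    "http://seal-vendor.example/verify?site=shop.example",
    "https://seal-vendor.example.k3x9q.cheap-software-deals.test/verify",
    "https://seal-vendor.example@cheap-software-deals.test/verify",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", check_seal_url(u) or "ok")
```

The third sample passes the HTTPS test on its own, which is why the host comparison is matched from the right-hand end of the name rather than by searching for the vendor's name anywhere in the URL.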
