[govsec] and one more Change in Direction

jmetz at intac.com
Sat Nov 6 17:04:40 EST 2004


and now this is evident

http://story.news.yahoo.com/news?tmpl=story&cid=581&ncid=581&e=12&u=/nm/20041103/tc_nm/crime_internet_phishing_dc

Net Banking Fraudsters Step Up the 'Phishing' Scam

Wed Nov 3, 1:29 PM ET

By Bernhard Warner, European Internet Correspondent

LONDON (Reuters) - Fraudsters have developed a potent new computer program
that steals Internet banking customers' details by duping them into
opening up a bogus e-mail, a British security firm said Wednesday.



Security technicians at MessageLabs fear it could become a favorite tool
for "phishing" fraudsters, who lure computer users to a fake Web site and
steal their banking and credit card details.


In the past, a phishing victim would have had to go through a relatively
cumbersome procedure of opening the bogus e-mail and then clicking on a
file attachment or Web site address located within the message to be
conned.


Now, the trick starts the moment the victim opens the seemingly innocuous
e-mail.


The program has been circulating on the Internet for the past week, but in
relatively small numbers, said MessageLabs.


The company added that the e-mails target three Brazilian banks -- Caixa,
Unibanco, and Bradesco -- but the fear is it could easily be re-engineered
to target almost any online bank.


"We've only seen about 30 copies. In volume terms, it's small. But people
should be on the look-out as this could be the next stage in the phishing
problem," a MessageLabs spokeswoman said.


MessageLabs said that once a person opens the fraudulent e-mail, a tiny
computer program known as a "script" immediately begins running.


It embeds itself on the victim's computer and overwrites bookmarked Web
addresses or automatically redirects the victim from the intended banking
site to an authentic-looking fake site that captures banking details.


Phishing frauds have become more and more prevalent over the past 18
months as more consumers do their personal banking on the Internet.
British police recently estimated phishing scams cost UK banks an
estimated 60 million pounds last year.


"Most banks have advised their customers to be wary of any e-mail asking
for personal banking details, but in this case all they have to do is open
an apparently innocent e-mail and their bank details could be silently
sabotaged," said Alex Shipp, senior anti-virus technologist at
MessageLabs.


The company said that if the computer user deactivates the Windows scripting
host program on the PC, they run less of a risk of falling prey to the
scam.






