[govsec] and one more Change in Direction

Spiess, David M., Jr. Spiess at TAFTLAW.com
Mon Nov 8 08:06:47 EST 2004 

Does anyone else miss the days of PINE?
No problems of viruses getting to the users then....





-----Original Message-----
From: govsec-bounces at attrition.org [mailto:govsec-bounces at attrition.org]
On Behalf Of jmetz at intac.com
Sent: Saturday, November 06, 2004 5:05 PM
To: govsec at attrition.org
Subject: [govsec] and one more Change in Direction


and now this is evident

http://story.news.yahoo.com/news?tmpl=story&cid=581&ncid=581&e=12&u=/nm/
20041103/tc_nm/crime_internet_phishing_dc

Net Banking Fraudsters Step Up the 'Phishing' Scam

Wed Nov 3, 1:29 PM ET

By Bernhard Warner, European Internet Correspondent

LONDON (Reuters) - Fraudsters have developed a potent new computer
program that steals Internet banking customers' details by duping them
into opening up a bogus e-mail, a British security firm said Wednesday.



Security technicians at MessageLabs fear it could become a favorite tool
for "phishing" fraudsters, who lure computer users to a fake Web site
and steal their banking and credit card details.


In the past, a phishing victim would have had to go through a relatively
cumbersome procedure of opening the bogus e-mail and then clicking on a
file attachment or Web site address located within the message to be
conned.


Now, the trick starts the moment the victim opens the seemingly
innocuous e-mail.


The program has been circulating on the Internet for the past week, but
in relatively small numbers, said MessageLabs.


The company added that the e-mails target three Brazilian banks --
Caixa, Unibanco, and Bradesco -- but the fear is it could easily be
re-engineered to target almost any online bank.


"We've only seen about 30 copies. In volume terms, it's small. But
people should be on the look-out as this could be the next stage in the
phishing problem," a MessageLabs spokeswoman said.


MessageLabs said that once a person opens the fraudulent e-mail, a tiny
computer program known as a "script" immediately begins running.


It embeds itself on the victim's computer and overwrites bookmarked Web
addresses or automatically redirects the victim from the intended
banking site to an authentic-looking fake site that captures banking
details.


Phishing frauds have become more and more prevalent over the past 18
months as more consumers do their personal banking on the Internet.
British police recently estimated phishing scams cost UK banks an
estimated 60 million pounds last year.


"Most banks have advised their customers to be wary of any e-mail asking
for personal banking details, but in this case all they have to do is
open an apparently innocent e-mail and their bank details could be
silently sabotaged," said Alex Shipp, senior anti-virus technologist at
MessageLabs.


The company said that if the computer user deactivates Windows scripting
host program on the PC, they run less of a risk of falling prey to the
scam.





_______________________________________________
govsec mailing list
govsec at attrition.org http://www.attrition.org/mailman/listinfo/govsec

More information about the govsec mailing list