Newest Phishing Scam Employs Legitimate Web Sites
Increasingly sophisticated phishing attacks are chipping away at the reliability of e-mail and Web-based applications as a trusted form of communication for business transactions. And the Anti-Phishing Working Group's latest report doesn't hold much comfort.
The APWG's report, issued last week, indicates that the Citibank brand was again the No. 1 target for fraudulent e-mail-based scams. There were nearly 1,200 unique phishing attacks reported to the APWG in May, which is 6 percent more than in April.
When I talked with APWG spokesperson Dan Maier, I learned about an emerging phishing technique that's not in the report but worth describing for enterprises as well as Internet users.
Phishers are beginning to bait the hook by directing marks to a legitimate institution's Web page that describes password security. A week later, the phisher sends the potential victim a "follow up" e-mail strongly encouraging the victim to create a new password using the guidelines that were pointed out the week before.
It's just one more step in the social engineering of a scam designed to rip off even fairly well-trained Internet users.
Until there is a reliable, authenticated method of communication for business, I'll continue to deep-six unexpected messages that are supposedly from financial institutions I use.