Phishing numbers up due to "Rock Phish"
Posted 25 May 2007 - 06:26 AM
May 24, 2007 ~ "Some of the Web's most prolific organized online criminals are starting to step up the frequency and sophistication of phishing attacks, targeting commercial banks, job hunting sites and data brokers... some of the more technically advanced phishing groups have started shifting their sights to higher-dollar targets. The source of this latest twist in phishing is known as "Rock Phish." These attacks generally involve techniques to avoid new anti-phishing measures. Both the Firefox and Internet Explorer Web browsers include features that alert users if they try to visit a site that has been flagged by security experts. Rock Phish attacks are designed to thwart this "blacklisting" approach by generating multiple, unique Web addresses for each attack, thus making it easier for them to evade phish filters... The new Rock Phish attacks "are trying to intercept credentials of people who have access to online services that provide very detailed credit and consumer data"... The Rock Phish scams also are going after commercial banks, those that service large and medium-sized businesses, in part because those institutions' thresholds for detecting fraud are higher than with consumer banks... Another target recently folded into the Rock Phish attack stable is job search giant CareerBuilder.com. Job-search sites are attractive because many applicants list all kinds of personal data on their resumes, including Social Security numbers and previous addresses..."
(Screenshots and more detail at the URL above.)
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...