Friday, August 22, 2008

Phishing 1.0 Attacks Persist

I received a "warning" this morning - a "Sun Trust Banks Installation and Upgrade Warning" pretending to be from SunTrust Bank - requesting that I head over to the bank's "Upgrade Department" and download a "the latest software updates".

I'm pretty sure that if I called SunTrust and asked to speak with the "Update Department", the request would be met with some form of confused silence.

I find it interesting that these "Phishing 1.0" scams are still being sent out. The formatting alone looks pretty dire, and I wonder who, if anyone, might still be uninformed enough to click on such an obvious fraud.

True, it was addressed to me personally, and has a return email address that looks genuine. This combination may just prompt a consumer to click on the link. Despite some obvious malformations, the URL also looks somewhat official.

I saw a much better attempt a few days ago that targeted one of the leading main street banks in the UK and did a much better job of looking official and sounding convincing.

Some are calling these kind of attacks "Phishing 2.0" - phishing that actually looks real, as opposed to the easily picked-apart example above, that combines with malware that looks inviting (free antivirus) but is potentially extremely harmful.

If you're a bank, trying to communicate with customers so you can educated them about these threats can be difficult - many of the Phishing 2.0 scams include privacy notices and all kinds of promises concerning data security. They are much more carefully crafted than the example above.

One positive move you can make to reduce the effectiveness of these scams is to encourage users to use a secure browsing environment, such as Authentium SafeCentral when banking or trading online.

We have excellent protection in place against these kind of threats, and SafeCentral also enables a secure communications channel that can be used for customer education - and actual security warnings.

No comments: