Phishing Scams Grow More Sophisticated
by Lisa Padget
Phishing criminals constantly seek to deceive Internet users into divulging usernames, passwords, credit card numbers, and other account information. Their treacherous new tactic, "secured phishing," employs phony digital certificates to allay users' suspicions about spoofed sites.
Most phishing attacks begin with a spammed e-mail message that urges the recipient to click on a link to update account information. The link points to a spoofed version of a real site, which requests username, password, or credit card information.
The new element of the phishing attack is a self-signed digital certificate, exploiting users' faith that Secure Sockets Layer digital certificates have been issued by a certificate authority. The spoofed web site uses the HTTPS protocol, so the browser displays the "padlock icon" that designates a secure site. The site looks legitimate.
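The difference between a certificate issued by a certificate authority and a self-signed one can be checked directly. The following is an added example, not part of the original article: it builds throwaway certificates and applies the two checks a validating client relies on (does the issuer differ from the subject, and does the chain end at a trusted CA). It assumes the `openssl` command-line tool is installed; every name, subject and file in it is constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. All names, subjects and files below are constructed.

# Build a throwaway root CA, a certificate issued by it, and a self-signed
# certificate carrying the same subject name as the issued one.
make_demo_certs() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Root CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/issued.key" -out "$d/issued.csr" 2>/dev/null
    openssl x509 -req -in "$d/issued.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 1 -days 1 -out "$d/issued.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
}

# True when issuer and subject names are identical: nobody but the
# certificate holder vouches for the name it contains.
is_self_issued() {
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject)
    issuer=$(openssl x509 -in "$1" -noout -issuer)
    [ "${subject#*=}" = "${issuer#*=}" ]
}

# True only when the certificate ($1) chains to a CA in the trust bundle ($2).
chains_to_trusted_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Report what a validating client would conclude about one certificate.
assess() {
    if chains_to_trusted_ca "$1" "$2"; then echo "trusted"
    elif is_self_issued "$1"; then echo "untrusted-self-signed"
    else echo "untrusted-unknown-issuer"; fi
}

workdir=$(mktemp -d)
make_demo_certs "$workdir"
for name in issued self; do
    echo "$name.pem: $(assess "$workdir/$name.pem" "$workdir/ca.pem")"
done
rm -rf "$workdir"
```

Both certificates carry the same subject name and both allow an encrypted HTTPS session; only the chain check tells them apart.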
To protect against this scam, set your browser security setting to high, always type a web site address in the address bar, and avoid clicking on any link supplied in an e-mail message to access a web site.
The following web site provides information and practical tips to ensure safer computing:
http://onguardonline.gov/stopthinkclick.html
For more information on IT security, please see Security Matters, the Summer 2005 issue of UCit now.