Network News

X My Profile
View More Activity

Would You Care for a Virus with Your Phish?

I recently received a rather frightening e-mail from a contact who has closely followed our coverage of phishing scams. For the past few months I've been asking this person to be on the lookout for phishing scams that try to download computer programs to your machine when you click on a link embedded in the phishing e-mail.

Phishing scams typically try to convince computer users into clicking on a link that takes them to a fake bank or e-commerce Web site.  The scammers hope to trick you into entering personal financial information at these sites that they can then use to raid your credit card account or steal your identity.

But the authors of phishing scams are highly opportunistic, and it occurred to me that it would not be long until we saw them try to improve upon their methods.

Apparently, I think like a criminal. The phishing e-mail my contact sent tried to hijack my computer in addition to directing my browser to a Web site designed to look like it was operated by a small British bank. After I got done yelling at him for sending this little nastygram without warning me, I got to looking at it a bit more closely.

In this particular phishing scam, simply clicking anywhere in the HTML e-mail caused my Firefox browser to begin downloading a file while the fake site loaded in the background. Needless to say, I killed the download immediately.

The moral here is don't click on links in e-mails you aren't expecting! We recently conducted a Web chat with Dave Jevans, head of the Anti-Phishing Working Group. Several participants wrote in saying that they took secret pleasure in messing with "phishers" by entering fake personal and financial information at phishing Web sites. But as my experience showed, many new phishing scams use some kind of programming tricks to fool with your Internet browser. So even though you may never enter any information at a phishing Web site, the criminals gain the ability to control your computer and get the personal financial data they were looking for in the first place.

By Brian Krebs  |  March 31, 2005; 9:15 AM ET
Categories:  Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: New Worm, Old Tricks
Next: Windows "Icon and Cursor Bug" Patch Problems Persist

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company