This month a total of 3 malicious programs for non-Windows platforms appeared out of nowhere.
Source: www.kaspersky.com
Bank of Oklahoma Thwarts Phishing Scam
The Bank of Oklahoma (BOk) averted a major phishing attempt targeted upon itself on June 25, 2008. It shut down a bogus phone number, found in an e-mail, which was programmed to dupe customers into divulging their personal information, as reported by TULSAWORLD on June 25, 2008.
The fraudulent e-mail said that certain security changes conducted recently on the servers of the bank's online processes caused loss of personal data. Therefore, the e-mail urged its recipients to call on a phone number and submit their financial details to continue their online banking accounts. The e-mails were sent randomly, reaching customers of BOk as well as non-customers.
Jesse Boudiette, a Spokesperson for the BOk, said that within an hour of the phishing scam reports came in, they took help of a third-party security provider to shut down the fraudulent phone number, as reported by TULSA WORLD on June 25, 2008.
Boudiette also clarified that most banks do not request or send personal information either through an e-mail or a phone call. It is very rare that such a case would happen.
Hence, this e-mail phishing scam is known as "vishing" because people do not click links that take them to a fake Website, but instead call on a particular number to verify their financial account information.
Hackers try to gather personal and financial information through phishing. They lure account holders to divulge their bank account code information and routing numbers, including PINs, passwords, credit-card numbers and validation codes, social security number, etc.
Phishing e-mails often display a sense of emergency by warning customers that their accounts would either be shut down or they might be denied access if they do not immediately respond in the prescribed manner.
Boudiette cautioned that any communication from the bank's side asking for personal financial information should potentially be considered fraud. Instead, the bank should be contacted personally to address such concerns. Boudiette added that nearly 14,645 similar "phishing" scams were reported worldwide in May 2008.
Meanwhile, the BOk has asked recipients of the fraudulent emails to forward it to bokonlinefraud@bokf.com, created for this specific purpose.
Source:
Experts: Phishing Scams Have Increased and Become Difficult to Trace
The security experts said that e-mails carrying a link are very dangerous. The moment user clicks on it, problem comes up. Interestingly, it does not matter whether the e-mail is well or poorly written; it is just the link which causes the real damage.
The detection of phishing Websites is very tough as hackers make use of company's authentic logos and designs. Therefore, one could not figure out whether the private details such as username and password are going in safe hands or not.
Security and Research Manager for security software maker McAfee Inc. in Santa Clara, Calif., Dave Marcus said that perpetrators operate their businesses with salaried employees, which include professional writers as well as programmers, as reported by CBCnews.ca on June 25, 2008.
This report was found true as another similar report prepared by Gartner (security research firm) in December 2007 revealed that phishing multiplied by almost 800% from April 2003 to May 2007 and is still increasing.
Also, now the technique of phishing has been modified which is quite apparent with the sudden emergence of a spear phishing.
Manager of SophosLabs Canada at Sophos, Dmitry Samosseiko added that many phishers target the gaming Websites to steal the user's "virtual money", as reported by CBCnews.ca on June 25, 2008.
Matt Richard, Director of iDefense's Rapid Response Team, commented on the latest case of spear phishing of Verisign and said that it is all about social engineering. And he denied that the attackers send any rigged files. Instead, he claimed that they send harmful codes that help them to obtain personal data of the users under the guise of some official and authentic source, as reported by SCMAGAZINE in the 1st week of June 2008.
Further, to overcome these sites, Dmitry advised that users should always visit the banking and money related sites by typing the Web address on the bar rather than clicking on any attached link in the mail.
Source:
