A statement issued by Trusteer Inc. claims that a new phishing scam is targeting customers who “use content management systems rub by Yahoo and other service providers.” Trusteer Inc. is, according to its website, “a privately held corporation founded by senior Internet security industry executives with specific expertise in enterprise and consumer desktop security.” Yahoo customers are receiving phony e-mails that are asking these users to confirm their account information, and in the process putting their account at risk. These phishing e-mails ask for sensitive information and data that compromise the Yahoo accounts. Defined by Wikipedia, “Phishing scams are fraudulent processes that attempt to acquire sensitive information.” After receiving this information, the cybercriminals use the stolen account to set up fake bank websites to steal funds from other Internet users.
Along with setting up fake websites these hackers are using malicious code to cause havoc on the Internet and are uploading this through the stolen info, all which is received through the phishing scam. Due to legit logins that are done through the content management website, these hackers go undetected and a breach is almost impossible to detect until it is too late.
Trusteer Inc. can’t figure out where these emails are originating and are having a difficult time detecting where the hackers who set these fake websites up are residing. Likewise, in September researchers noted that attackers were using brute force attacks and scripts to bypass the original login requirements. People are researching these logins and are monitoring such actions as well.
I know we discuss these types of attacks all of the time and we make sure that we don’t reveal any personal or login information to a specific website without knowing who is asking for it. We see activities like this happening all of the time including our own Notre Dame Federal Credit Union. We will continue to see phishing scams and as in this specific example see different ways in which phishing scams are fulfilled.
Sources:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1376209,00.html
Posts
No comments:
Post a Comment