New tackle for amateur phishers

New tackle for amateur phishers

By JACK KAPICA
Globe and Mail

Want to make big money fast? A kit now available for free on the Internet can make your wildest dreams come true.

One hitch, though: Using it is a criminal act, and you can land in jail for a long time.

Security experts at Sophos, maker of anti-virus and anti-spam products, warn that do-it-yourself "phishing" kits have made their appearance on the Internet as free downloads.

Phishing is the name given to the kind of identity-theft scam that attempts to persuade its victims to fill out a form with details of their bank accounts, credit-card numbers and other personal information. Victims can be fooled into doing this when they believe they are reconfirming information needed by a reputable institution with which they are doing business.

Anyone surfing the Web can now get their hands on these phishing kits, launch their own phishing attacks and defraud computer users of the contents of their bank accounts.

The kits contain all the graphics, Web code and text required to construct bogus websites designed to have the same look and feel as legitimate on-line banking sites. They also include spamming software, which enables potential scammers to send out hundreds of thousands of phishing e-mail messages as bait.

Hundreds of thousands of phishing e-mail messages are sent across the Internet every day, Sophos says, and the problem is growing. It is expected to grow even more with phishing kits now freely available over the Net.

So far, phishing scams have been used mostly by professional criminals.

But, Sophos security analyst Chris Kraft said in a statement, "with the recent discovery of the 'build your own phishing' kits, we'll certainly see individuals who aspire to the same level of success. Mirrored banking websites that dupe customers into disclosing sensitive information such as passwords, PIN numbers and account details will now be easier to create, and consumers and businesses will be even more susceptible."

Sophos urged users to be wary of any e-mail asking them to reconfirm sensitive financial information and advises them that anti-spam software can prevent many of these unsolicited messages from even reaching inboxes.

Globe and Mail

 

That's bad... It shows what people nowadays do to people and they don't care who they hurt so long as they maliciously gain things from other people.

Tip:
People who use online banking and auctions in particular, but not limited to should check the address bar of their web browser carefully and should type the address instead of clicking anywhere (for important sites that require such personal information)

squash

 

I'm just waiting to see a phishing email that pretends to be a real phishing kit website, a phish of a phish.

 

strange bait