Phishing E-mail May Hide a Trojan
Internet Scam Uses Fake Web Sites to Steal Information
RSA, a provider of security solutions for businesses, has posted on its blog a fraud alert regarding a widely circulating phishing e-mail. This latest example is just one of a long line of similar e-mail scams.
Phishing is a type of scam where fraudulent e-mails, purporting to be from legitimate businesses or Web sites, are sent to unsuspecting people. Phishing e-mails often ask the recipient to divulge personal information such as passwords or banking information. The con artists often accomplish this by asking e-mail recipients to verify or update personal information.
Con Artists Know How to Impersonate Other Sites
In the majority of phishing scams, users are given a link to a Web site that looks to be from a reputable company, but is in reality, fake. The con artists create phony Web sites by going to legitimate sites that they wish to impersonate and copying part of that site's code.
"They know how to program a Web page to look like another Web page. They know how to take a logo from a Web site and copy it and put it on an e-mail and so on and so forth. So the people that do these scams are very technically savvy," said Mike Reusser, owner of Gemini Custom computer store, in a 2006 interview.
Trojans Hide Malicious Software
The phishing scam reported by RSA is especially troubling because it does not merely attempt to trick e-mail recipients into divulging personal information, it directs users to a Web site where by clicking on a link, malicious software is downloaded to the user's computer, unbeknownst to them. This malware then works in the background, collecting and transmitting personal data to a third party.
According to the RSA blog entry:
"The Trojan that is launched when the link to the fake software installation is accessed is called a Trojan 'SSL stealer' that captures financial and personal information of the infected user found on their computer."
The "Trojan" that is being referred to is a link that is disguised as something else in order to entice potential victims to click on it. In this case, a link to download the malicious, data-stealing software is disguised as a legitimate video player.
Avoid Falling Prey to Phishing Scams
So how can users avoid falling prey to online con artists?
Todd Larson, Network Administrator for Lewis and Lewis Computer store said in a 2006 interview:
"Most companies are not going to request information from you through e-mail. That's one thing to say, 'Hey, you know, probably not.' Give them a call and find out. Unless you initiate it, don't do it."
Another tip is to not download software updates from third-party sites. Users that are told that they need to update software for a media player or a document reader, for instance, should go to the company's Web site by typing in the URL and not update software by using a link on someone else's site.
In the end, the only way to avoid being taken in by a scam is by being informed, and staying aware of the threats.
What do you think about this article?
More in Technology
Latest Articles