There have been numerous proposals for ways to prevent phishing scams. Suggestions ranging from EV certificatesto new specialized top-level domains seem to imply that the end ofphishing would be brought about through their implementation.Unfortunately, this isn’t likely to be the case.
Let’s look at a phishing scam for what it really is – an onlineversion of the classic confidence scam. The reason it’s called aconfidence scam is that the perpetrator has to gain the confidence oftheir intended victim in order to reap the rewards. Some of these scamsare so thinly veiled that only the extremely gullible will fall victimwhile others are so elaborately played that even some of the mostcautious individuals are fooled. The same goes for the online version.
Some phishing attacks are so poorly crafted (I’m sure most companiesdon’t misspell their own names) that many of...
Back in September, I summed up some of the malicious code and phishing trends from the latest edition of the Symantec Internet Security Threat Report. To sum up that summary, I said that we’re seeing a trend toward profit-driven attacks. Malicious code is being created with financial motivation and is used in conjunction with phishing attacks. Well, after two days of presentations at the Virus Bulletin 2006 conference, it seems that others agree with this conclusion.
From the keynote address by Mikko Hypponen of F-Secure, through to the presentation on phishing Trojan creation kits by Dmitri Alperovitch of...
