New Phish Deceives With Phony Certificates
Gregg Keizer writes in TechWeb News:
A new, advanced form a phishing dubbed "secured phishing" because it relies on self-signed digital certificates, can easily fool all but the most cautious consumers, a security firm warned Thursday.
SurfControl, a Scotts Valley, Calif.-based Internet security vendor, said that it's seen one instance of such an attack, and expects more.
"This can fool the average user for sure," said Susan Larson, SurfControl's vice president of its global threat analysis and research group.
The new phish blends traditional elements with the new twist of a self-signed digital certificate, said Larson. It starts the same as most phishing attacks, with spammed e-mails urging recipients to click on a link to update a financial account. The destination is a spoofed version of a real site which requests the consumer enter his or her username and password to verify the information (supposedly because unauthorized access has been detected from an overseas IP address).
0 Comments:
Post a Comment
<< Home