Analysis Of A Phishing Scam
from the down-and-dirty dept
Email “phishing” is the popular email scam going around these days, with emails appearing to come from companies you supposedly trust, asking you to provide updated financial information. These scams are pretty sophisticated and are even tricking relatively savvy users. Now, a security firm has taken some of these phishing emails and done a fairly detailed analysis on them, to determine that a large portion of the emails seem to originate from a single group, and that group appears to be testing out a variety of different scams over time (sometimes including spyware, sometimes just going directly after the victim’s bank account). One interesting tactic, which I had not heard about before, is that the URLs they put in the emails (which are usually disguised to look like legitimate URLs – but which are obviously fake if you look carefully) actually redirect users to the actual site for the institution in question, but also throw up a pop-up of their own that asks for your bank account details. I received one of these emails pretending to be from Amazon a few days ago. I didn’t click on the link, but did send it off to Amazon who bounced back a form letter. It sounds like these researchers got the form letter treatment as well – but they’ve done a tremendous amount of research which would probably be very helpful in tracking down who is running this scam.