Attackers Go Phishing In Deeper Waters

from the personalized-scams dept

It’s not just iTunes and Amazon that are exploiting the ‘long tail’, online scammers get it as well. Typically, phishing attacks attempt to confuse people by mimicking a well-known brand, like PayPal or Citibank. But as more people get clued into the fact that an email purporting to come from PayPal may not be the real thing, attackers have had to move onto smaller brands. In the last year, the number of brands targeted by attackers has doubled, and this number is growing at a double digit monthly clip. As in other long tail case studies, it’s the low costs of internet activity that allows attackers to go after small niches. So far, the attack with the narrowest scope we’ve heard about is one that goes after JFK conspiracy theorists, claiming to be from a dying KGB agent with some previously undisclosed information about the murder. Whatever your tastes or interests, there will one day be a scam specifically targeted for you.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Attackers Go Phishing In Deeper Waters”

Subscribe: RSS Leave a comment
Jesse McNelis (user link) says:

it's the problem with email

Email is very very broken.
Pretty much the worse form of communication as there is no standard form of authentication and verification. This was known to be a problem 10 years ago, but still probably won’t be fixed for 10 more years.

Spam, malicious software writers and Phisihing scams take advantage of this and will continue to cause trouble until email is fixed.

Longing for the days of domain keys.

Bob says:

Back to the point

Has anyone read the story for this thread? It really is more interesting than the comment thread, albeit not nearly as humorous.

I had an experience not long ago whereby my bank had sent me an email that looked all the world to be a phishing scam. The mail wanted me to click on a link, that didn’t go to their website, and logon to setup a feature. I assumed it to be fake but upon checking the new domain I discovered the domain holder was a reputable banking data management company. Shortly afterward the bank called me directly for another matter and I quizzed her on it. She admitted it did indeed originate from their bank, that it was an automatic process (so no-one sat down and wrote this by hand) and that this was just business as usual. I discussed the ease in which this could (will) be exploited someday and she intended to speak to their IT.

My point being you must be very vigilant as even supposed ‘safe’ emails could be manipulated. Just think of all those who clicked and logged on without giving it a thought.

ebrke says:

Re: Back to the point

Anyone remember the security breach some months ago when an outside company handling the logins for small banks was hacked? One of the banks then sent an email with a link to a domain outside that of the bank and asked customers to login using the link and change their passcodes and get information about the breach. Talk about clueless!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...