We’ve all heard about the dangers of phishing emails and the message is beginning to sink in so phishing is not producing the results that it used to do. Unfortunately for us the phishers have now sharpened up their tackle and a new threat is emerging.
Phishing, like most other things in life, changes and, over time, the fish (that’s us) get smarter and so the catch goes down – then it’s time to beef up the tackle.
Phishing is using emails to entice you to part with vital login information by directing you to a bogus website – maybe one that looks just like your bank or financial institution. OK, so you knew that and you knew, too, that you should be wary of such emails and that your bank or just about anyone else will never ask you for this information.
Financial institutions and computer security experts have been saying this for years now and finally the message is getting through. Snaring unwary surfers and stealing their login details is harder than when phishing first began but emails are not the only way of getting this information. There is something much more sinister lurking in the still, deep water.
Trojans are tiny computer programs that, like all programs, need to get into your computer to do their work. They come in various forms but the ones we are interested in are the trojans that sit and wait until you enter an address that they recognise and then they wake up and perform the two tasks they were created for.
First they copy the username and password you just used and then they send this over the internet to whoever is waiting patiently at the other end for their reply. Generally the websites they want are banks or other financial websites and the person at the other end, of course, is a phisher.
The trojan itself can arrive in an email message attachment and it needs you to run the attachment before it will be activated. We have heard all this before. The attachment won’t be called ‘BlogsBankTrojan.exe’ but often arrives as an unrequested screensaver or a humorous or similar ‘joke’ file that tries to tempt you to open it.
Here the moral is clear – don’t open attachments in emails unless you are very sure you know in advance what they are. But trojans can arrive in other ways, too.
A website can also contain a trojan within its pages which will infect your computer just by looking at it. OK, if this seems like magic, remember that your computer downloads the content of the site – that is all of the content – to your hard drive in the first few seconds that you look at it. This allows your browser to interpret it and show it to you. Running scripts on your computer at the same time to install trojans is not hard.
And so the new phishing threat (you have probably guessed it already) is to add trojans to the phishing email or the bogus website in a double-barbed attempt to hook your private financial data.
Being aware of how this works is half the battle but you should also consider these tips:
● Don’t even read emails unless you are totally sure you know who sent them
● Never, ever, open attachments unless you are really sure you know what they are
● Type in urls for financial institution (or copy and paste from a list you keep)
● Keep your antivirus up to date and make sure it’s a good antivirus
● Stay alert and if it looks suspicious – delete it!
Staying safe on the internet can seem scary at times but its important to know the risks and know what to do to stay out of trouble.
Mon, May 18, 2009, by Mike Taperell
Security