New Phishing Emails Emerge
The usual phishing email still claims that "action" is required because of something that just happened. This can be a fake eBay purchase, PayPal transfer, a bank account transaction or someone offering you heaps of money.
While these methods are still highly successful Internet users are starting to get educated about phishing which reduces their effectiveness over time.
Basically, Internet users know eventually that they should not click on any link in emails that they receive.
A new phishing email (via Trend Micro) that recently emerged claims that the recipient's Bank of America account was accessed by an international IP from an unregistered computer and that their "Foreign IP Spy" detected that breach.
Note that you can replace the bank with any other high profile website.
It is asking the recipient to verify and register the current computer by logging in on the Bank of America website. That link leads to a new window which opens a phishing website that is using a fake address bar. Most users who clicked on that link will surely enter their login information.
The attack tries to convince users that their account is in danger and that they need to act quickly to protect it. That's tricky and many users will probably fall for this because they believe that thieves would not ask them to secure their accounts. What they obviously miss is the fact that the added security feature is fake and not existing.
Websites with that fake address bar can be easily identified by right-clicking on that website and selecting properties from the context menu if Internet Explorer is the browser of choice. Firefox users click on Page Info in that right-click menu while Opera users press Alt + Enter or right-click and selected Edit Site Preferences.
The best protection against phishing is to not open any links in emails. Always open the website directly in the browser. If you are insecure call the company and ask if they know about the email before you do anything.
Advertisement