 |
LIVE from Threat Center:
Resources : |
Similar to Spyware, there is strong financial incentive for Phishing. Phishing comes in many forms, but a common example is a malicious attack where a criminal entity sends an 'official' looking email to an unsuspecting email user, asking that they go to a website and 'validate' their username/password and other account information.
Phishing scams can get quite sophisticated; it is not unusual for a hacker to recreate an entire web-site in an effort to look legitimate. The user then types in their username and password in the bogus web server, which the criminals collect. In some cases, before the user knows anything malicious has happened, they are redirected to the official web server, where they are already logged in and can access their account as usual. All of this is completely transparent to the end user. While this sounds far-fetched, it is an increasingly regular occurrence.
Anti-Phishing Security Checklist:
- Gateway Email Scanning
- Automatic Signature Updates
- Extensive Phishing Signature Database
- Full Featured Anti-Spam
- URL Database of Phishing Servers