Beware 'Spear Phishing' Scams

Identity Theft - Phishing : Beware 'Spear Phishing' Scams

Posted by Max on 2006/10/11 3:20:00 (1020 reads)

Online social networking sites are skyrocketing in popularity, but now experts say those sites have become a major target for so-called "phishers," who are using these sites to lure users into their scams.

Seventeen-year-old Dan Leveille uses myspace.com not only to connect with friends, but to promote his photography and web-design business.

Dan Leveille, Myspace.com User: "I'm on there pretty much every day; I can spend like hours on there."

So when a music group contacted him, Dan clicked on the profile but got a login pop-up instead.

Dan Leveille, Myspace.com User: "I thought it was myspace, it looked exactly like it, but on the address bar, it didn't say myspace.com."

Ron Teixeira with the National Cyber Security Alliance says Dan was almost hooked by a spear phishing scam -- the newest type of scam targeting social networking sites.

Ron Teixeira, National Cyber Security Alliance: "Spear phishing is when they hone their tactics and they use personal information that you have posted on these social networking sites to try to steal different financial information from users."

For example, say your profile states that you like a certain band. Spear phishers will send you an instant message or bulletin that looks like it's from that band.

But when you click it...

Ron Teixeira, National Cyber Security Alliance: "It will load malicious code onto your program and use vulnerabilities that exist on your computer to again install these different programs that collect all your financial information."

Other links may lead to fake login pages used to collect usernames and passwords so scammers can use your profile and attack your friends. So beware of messages asking for personal information.

Ron Teixeira, National Cyber Security Alliance: "Legitimate companies do not ask for personal information via email."

Also, never email any account information. If you're asked to login a second time, make sure the URL is correct, and know who you're dealing with.

Ron Teixeira, National Cyber Security Alliance: "We always suggest that you never download an attachment or click on a link from someone you don't know."

Dan says since his close encounter, he's more careful about what's on his profile.

Dan Leveille, Myspace.com User: "I don't put my first or last name and I don't even give it to people I know because they could not be who I think they are."

Michael says says another important way to protect yourself is to make sure your browser, operating system, anti-virus, spyware, and firewall programs are all up to date.

Previous article - Next article

Other articles
2008/10/9 14:10:42 - Google Trends Used to Promote Fake Anti-Virus Software
2008/10/9 13:50:47 - Spam, Child Porn, Illegal Pharmaceuticals, and Stolen Data Make The Web Axis of Evil
2008/10/8 12:22:22 - New Anti-Phishing Service by BluePrint On National Cyber Security Awareness Month
2008/10/7 16:17:07 - Adware Released As Fake Antivirus Increases
2008/10/2 15:30:28 - Agnitum's Outpost Security Suite Pro Gains Another VB100% (on Windows Server 2008)
2008/10/2 15:21:49 - New FREE Security Tools From Verizon
2008/9/30 17:45:27 - SkyRecon Adds Anti-Virus Protection (AVP) to Its StormShield Security Suite
2008/9/30 17:32:11 - IdentitySecure, The New Identity Theft Protection Program from Affinion
2008/9/30 17:13:08 - Web Application Security Mythbusters by Cenzic Inc.
2008/9/30 17:03:58 - Disk Doctors Announces Support For The Hurricane IKE and Gustav victims

The comments are owned by the poster. We aren't responsible for their content.