Phishing, according to webopedia.com is “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.” If the user takes the bait and assumes the email is legitimate, they are directed to a website where they are asked, under false pretenses, to reveal personal information like credit card numbers or account passwords.

Previously, all know phishing scams required the user to buy into the original fraudulent email and click on a link and then type in their information. However, a phishing scam that doesn’t require anything from a user other than opening an email has emerged. The email triggers a script that compromises the users computer so that the next time they attempt visit certain online banking sites they are re-directed to imposter websites that steal their personal information.

Fortunately, this attack only targets insecurely configured or out-of-date versions of Microsoft’s Outlook email program, but more sophisticated attacks are likely on the way. This is another example of why you need to keep your software up-to-date as well as consider unique vulnerabilities your particular email client or web browser may have. Personally, I would avoid Microsoft Outlook as well as Internet Explorer in favor of alternatives like Thunderbird and Firefox from mozilla.org.

Read more about this attack at silicon.com.

This entry was posted by jack () on Wednesday, November 3rd, 2004 at 4:11 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Note: Blog posts are the opinions of their authors and do not reflect the official opinion of the National Science Foundation or North Carolina State University.