NEWS FROM THE LAB - Friday, April 25, 2008

Fly Phishing

Posted by Sean @ 18:12 GMT

Some phishing gangs have a new technique. They're using trojan-spy applications.

Last week we received the following e-mail message:

[Image: Comerica Phishing E-mail]

Notice that the message doesn't mention anything about providing an account-name or password.

Instead, it attempts to convince the recipient that they need to install a Digital Certificate for enhanced safety.
(Anybody want to buy a bridge?)

The message links to a site with the following:

[Image: Comerica Phishing Site]

It's basically a page full of jargon designed to overwhelm the potential victim. What happens if the victim falls for the bait and installs the "certificate"? A trojan-spy will be installed.

So now the phishers don't need to ask for passwords anymore; they can just take them.

This technique keeps the classic element of phishing by mimicking the trusted institution — the bank. What they've adjusted is the part that people have become skeptical of, which is giving away their password when requested by e-mail.

Update: Here's a brief video that we captured last week when the site was online. You'll find it on the Lab's YouTube Channel.