I’m always amused by security companies generating PR with a title such as “Phishers take aim at XYZ!”. So I was amused as well to see the article titled Phishers take aim at MasterCard SecureCode  

That’s because Phishers will hit ANYTHING these days. From good old banks, credit unions and building societies, through security programs and government portals, to social networks and online games. Youtube, Myspace, iTunes and World of Warcraft are constantly targeted by Phishing and crimeware. In fact, if your brand isn’t hit by phishers, you should start to get worried. The Phishing victim roll is the new Internet who’s who list.  

What people are less familiar with is the huge amount of inter-fraudster phishing. That’s right. “Phishers take aim at Phishers fraud forum!” is a title that shouldn’t come as a surprise. Some hardworking phishers do their honest day job of stealing credentials, and then comes a total crook and phish them for their fraud forum password so he can pose for them, buy accounts on their behalf without paying, and generally ruin their reputation. Some Trojans follow the same despicable practice: when a computer is infected by a botnet and the usual plethora of malware is injected into it, you always find some scavenging crimeware that waits until one of the legitimate Trojans intercepts a good credential. It then secretly sends a copy to its immoral operator. Which is totally not fair, I’m sure you’ll agree.

Trojan makers actually had to develop an internal encryption mechanism just to fight this type of unjust, parasite behaviour.  

The next ‘Phishing take aim at XYZ!’ wave bound to happen is enterprise emails; already when I get emails from corporate HR or marketing, I scrutinize every line to see whether it’s real or phishing.