Fake order confirmations provide new phishing twist

Fake order confirmations provide new phishing twist

UK security outfit SecureTest is warning of a new twist on the familiar phishing scam, in which fake e-mail order confirmations direct recipients to a Web server that writes a malicious file to the user's PC.

The e-mail, a bogus order confirmation for an IBM Laptop PC, tells the recipient that their bank account has been debited for £1099.99 and provides a link to check or cancel the order. Following the link leads to a Web server which exploits an unpatched weakness in Microsoft's Internet Explorer to write a potentially malicious file to the user's hard drive.

Ken Munro, managing director at SecureTest, says the malicious code exploits a known threat which is listed by some of the major anti-virus vendors.

"The danger here is in the new format for the scam, and the new form of social engineering," he says. "Many people, on receiving an e-mail saying their bank account has been debited for £1099.99 will at least click on the link and take a further look."

News of this new variant of the phishing scam coincides with the release of the latest data from the Anti-Phishing Working Group highlighting the increasing prevalence of the threat. APWG says it recorded 1125 different e-mail scams in April, nearly tripling from March, with Citibank the most popular attack target.

Comments: (0)

Download the report - Cloud Banking - Innovation without limits

Trending Stories

Featured Job
All Jobs »
London, UK

Sales Director, Private Equity Solutions (London, UK)

Competitive base, double ote, benefits, stock options

22 Jul