More evidence that phishers are widening their net. Munir Kotadia of ZDNet Australia reports that Yahoo’s free instant-messaging (IM) service is being targeted by phishers in an attempt to steal usernames, passwords and other personal information. Yahoo confirmed on Thursday its service was being targeted by a phishing scam. According to the search giant, attackers … Read more
Not sure if this is new but I’ve not seen it before: A clever new piece of social engineering in a phishing email. You have added phoneseller@yahoo.com as a new email address for your PayPal account. If you did not authorize this change or if you need assistance with your account, please contact PayPal customer … Read more
MasterCard, one of several banks discovered to have flaws on their websites that would have allowed a phisher to capture passwords, says it has fixed the problem. American Banker Online reported (subscription required) last week that MasterCard International “has confirmed finding and fixing a flaw on its web site’s ‘Find A Card’ tool that could … Read more
Scaring the bejesus out of a lot of security folk this weekend is a new kind of phishing attack that doesn’t require the victim to do anything but visit the usual websites he might visit anyway. It works like this: The bad guy uses a weakness in web servers running Internet Information Services 5.0 (IIS) and … Read more
Here’s an interesting — and troubling — variation on the phishing scam: Using country-specific domain name to make a phishing link look real. The problem for phishers has always been to conceal the fact that the link victims are asked to click on takes them to a website address that looks dodgy — either the URL … Read more