Last week I wrote in my WSJ.com/AWSJ column (sub required) about the cross site scripting phish I received a few weeks ago (it appeared late because of the Easter holiday.) The point I made in the column is that most of the browser toolbars designed to prevent phishing failed to warn the user of the … Read more
More evidence that phishers are widening their net. Munir Kotadia of ZDNet Australia reports that Yahoo’s free instant-messaging (IM) service is being targeted by phishers in an attempt to steal usernames, passwords and other personal information. Yahoo confirmed on Thursday its service was being targeted by a phishing scam. According to the search giant, attackers … Read more
Saw a chilling presentation today from Fabrice A Marie of FMA-RMS at the Bellua Cyber Security Asia 2005 conference in Jakarta. Fabrice talked about Hacking Intenet Banking Applications, something he does for a living on behalf of banks around the region. Bottom line: They’re easy to hack. Of 15 banks’ application assessments he worked on … Read more
I gag to think of the implications if no one is doing this, but so far I don’t get any feeling that, at least in Asia, anyone is. We need a banks’ charter to keep customers’ private data private and safe. Why? Banks continue to be cavalier with our personal information, reflecting not only a … Read more
Phishers are smart, and banks are dumb. At least, it seems that way. Here’s another example of what’s called a cross site scripting vulnerability attack, which basically lures the victim to what seems, both in the phishing email and in the website it links to, to be a genuine website belonging to Charter One Bank. … Read more