A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.

Keith Ferrell, Contributor

April 28, 2008

Noted by security firm F-Secure over the last few days, the so-called "fly phishing" con looks as slick and "legit" as any I've seen.

Its masterstroke is its spot-on mimicry of banker boilerplate (and for that matter of techy install-prose) as it walks the recipient through the steps required to install the digital certificate that will enhance their security and simplify their bank's sign-on process.

What's installed, for those who bite at the fly phish, is a trojan that then captures passwords, account numbers, etc.

The user is never once asked for an identifying number or piece of confidential information.

This one is smooth and polished, with a razor-sharp barb that might prove more effective than the "we need your password" approach that has long since approached and passed the point of diminishing returns.

F-Secure has a nice YouTube video of the scam here.
