New Scam: Hackers Use Phony Certificate To Seal Victims' ID-FatesNew Scam: Hackers Use Phony Certificate To Seal Victims' ID-Fates
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.

A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.Noted by security firm F-Secure over the last few days, the so-called "fly phishing" con looks as slick and "legit" as any I've seen.
Its masterstroke is its spot-on mimicry of banker boilerplate (and for that matter of techy install-prose) as it walks the recipient through the steps required to install the digital certificate that will enhance their security and simplify their bank's sign-on process.
What's installed, for those who bite at the fly phish, is a trojan that then captures passwords, account numbers etc.
The user is never once asked for an identifying number or piece of confidential information.
This one is smooth and polished, with a razor-sharp barb that might prove more effective than the "we need your password" approach that has long-since approached and passed the point of diminishing returns.
F-Secure has a nice YouTube video of the scam here.
About the Author
You May Also Like
Uncovering Threats to Your Mainframe & How to Keep Host Access Secure
Feb 13, 2025Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025