New Scam: Hackers Use Phony Certificate To Seal Victims' ID-Fates
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.Noted by security firm F-Secure over the last few days, the so-called "fly phishing" con looks as slick and "legit" as any I've seen.
Its masterstroke is its spot-on mimicry of banker boilerplate (and for that matter of techy install-prose) as it walks the recipient through the steps required to install the digital certificate that will enhance their security and simplify their bank's sign-on process.
What's installed, for those who bite at the fly phish, is a trojan that then captures passwords, account numbers etc.
The user is never once asked for an identifying number or piece of confidential information.
This one is smooth and polished, with a razor-sharp barb that might prove more effective than the "we need your password" approach that has long-since approached and passed the point of diminishing returns.
F-Secure has a nice YouTube video of the scam here.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024