Scam Web Sites Bilk Consumers Twice
Editors Note: Yet another type of online security threat to be aware of!
By Erika Morphy
April 8, 2005 12:32PM
This is a new and more aggressive form of phishing, says Luis Corrons, director of PandaLabs. Previously, online scammers would troll for victims through mass e-mails. In this case, �it is actually the buyer, in searching for the best prices online, who goes to the fraudulent Web page.
A new online scam could bilk consumers not only of their credit card information, but also of their savings, warns Panda Software.
A Web site discovered to be operating the scam has been dismantled by authorities. It advertised bargain rate airline fares, and consumers happened upon it by entering relevant terms in search engines, such as Google .
The site included a form asking the user to enter personal details, including credit card number, expiration date and verification value. Once those details were entered, an error page would appear, telling the user that the transaction was unsuccessful, and offering instructions on how to pay for the ticket by postal money order.
Luis Corrons, director of PandaLabs, expects that similar Web sites will be established by fraudsters, perhaps with offerings other than discounted airline tickets.
Different Kind of Fraud
This is a new and more aggressive form of phishing, Corrons says. Previously, online scammers would troll for victims through mass e-mails. In this case, �it is actually the buyer, in searching for the best prices online, who goes to the fraudulent Web page. This creates a false sense of security that can lead users to proceed with the transaction.�
Indeed, phishers continuously try out new ruses. "Pharming," a recently coined term, is becoming more common, for example. Unlike phishing, which directs users to fake sites through e-mail links, a pharming attack installs a Trojan horse virus on a user's machine. Then, when the user types in the URL of a targeted banking site, the virus reroutes the request to a fraudulent Web site, where personal information can be collected for identity theft.
Recent targets have been the British banks Barclays, Bank of Scotland, Lloyds TSB and NatWest.
Few believe online financial crimes will diminish anytime soon; it is an easy and non-violent way for criminals to steal money, says Sophos security consultant Graham Cluley. Perpetrators of these frauds grow savvier in their social engineering and technical ruses and are quick to discard a scheme once it becomes known to authorities and move onto the next.
�Even hackers that were once bent solely on mischief are aligning themselves with spammers to make a quick buck,� Cluley notes.
Adware Report | Site Map | spyware reviews | Recommended Books...