Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

New phishing emails automatically steal bank log in details

  • 04 November, 2004 09:18

<p>MessageLabs, the leading provider of managed email security services to businesses worldwide, has identified a new phishing technique designed to capture online banking details without requiring users to click on a website link - they simply have to open an email.</p>
<p>Towards the end of October, the company intercepted a number of emails which, when opened, silently run a script that attempts to rewrite the host files of targeted machines. This means that the next time the user attempts to legitimately access online banking they will be automatically redirected to a fraudulent website, enabling their log in details to be stolen.</p>
<p>So far, MessageLabs has only intercepted copies of emails targeting three Brazilian banks, but should the technique prove successful the company expects to see more phishing attacks using this advanced method.</p>
<p>It should also be noted that computer users who have Windows Scripting Host disabled are not at risk from this particular type of phishing attack.</p>
<p>Alex Shipp, Senior Anti-Virus Technologist at MessageLabs, comments:
“This latest technique demonstrates how phishing attacks could become increasingly difficult for end users and online organisations alike to protect against. By reducing the need for user intervention, the perpetrators are making it easier to dupe users into handing over the contents of their bank accounts. Most banks have advised their customers to be wary of any email asking for personal banking details, but in this case all they have to do is open an apparently innocent email and their bank details could be silently sabotaged.</p>
<p>“We currently detect between 80 and 100 new phishing websites a day, showing just how prolific the threat has become. It is a moving target, making it harder to identify and defend against. As ever, a combination of user education and the necessary levels of technology-based protection are essential.”</p>

Most Popular

Market Place