With sincere apologies to Dr. Seuss and puns aside, phishing1 is no laughing matter if you become a victim. Typical phishing messages purport to originate from various financial institutions, delivery services, Facebook, and so on, all with the aim of getting you to click the enclosed link and disclose some personal information that can be abused. The latest variants target American Express2 and other credit card companies.
This bogus Visa message claims that your card was supposedly used elsewhere in the world but that the transaction was refused. You’re politely invited to “carefully review electronic report for your VISA card,” but in this case don’t bother RSVP-ing!
Sample Visa phishing line:
Attention All Webmasters
But there’s a recent new wrinkle to the game: website administrators are now being targeted in an effort to get their FTP login credentials3. The scammers’ aim here is to use these credentials to hack the site and add it to their network for distributing drive-by malware.
The message states: “Due to the system maintenance, we kindly ask you to take a few minutes to confirm your FTP details.” Clicking the link takes you to a bogus cPanel page4(a website administration tool). If you enter your information, you’re then forwarded to the actual site of the company that appears in the body and subject line of the email.
If you’re concerned that your website might have been breached, a report published by the Anti-Phishing Working Group (APWG)5 contains a list of recommendations and resources.
Trackback from your site.