Tuesday, October 2, 2007

Teaching how to Phish

I love the profit motive. Even though sometimes it cuts the wrong way. As opposed to just phishing at record volumes, a number of "entrepreneurs" have introduced do it yourself phishing kits. Why give the kid a phish, when you can teach them to phish?

These tools give very unsophisticated attacker a set of templates and tools to launch a phishing attack in minutes, not days or weeks - as in the good old days.

You can learn more by checking out Dancho's post on a new upgrade to a common phishing kit.

What does this mean for you? Basically, the problem is going to get worse before it gets better. Probably a lot worse. There will be more phishing attacks and that means you have to constantly be on your guard.

This is a case where using a Gmail (despite their recent problems) and/or Yahoo! Mail service is a good idea. Both services have top-notch spam fighting for consumers. Your telco or cable company that provides your Internet access - not so much.

To be clear, you also need to be able to detect a phishing attack. Some will still get through your spam filters. Step 8 in Security Mike's Guide to Internet Security gives you lots of tips.

Photo Credit: Money Fish, originally uploaded by Lindsay Bayerstein

No comments: