USNCVA - Now Read This

NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0159 Phishers use context-aware techniques:

Phishing operations have begun applying more advanced methods, including "context-aware" schemes, according to Symantec. A context-aware phishing attack uses specific personal information about intended victims to gain trust. Phishers are using resources of private investigators to obtain this information.

In some cases, attackers send a pre-phishing recon attack, which is a mass-mailed generic phishing attack targeting popular non-critical sites such as web-based email accounts and social networking sites. Symantec defines a site as non-critical if access does not give an attacker an immediate financial payoff.

The pre-phishing recon attack aims to identify users that are likely to fall for a context-aware phishing attack and to get their usernames and passwords for the site. The phisher can then check to see if possible victims use social networking sites, web-based email, online banking, or online retailers. This information can be used to pick a particularly appealing target and decide on a customized course of action.

(www.symantec.com 24APR07)

Last Modified: Sunday, 06-May-2007 08:44:00 EDT

NOW READ THIS ("Security Advisory")

NRT-0159 Phishers use context-aware techniques:

NOW READ THIS
("Security Advisory")