Version: 2008
  • On MovieTome: The 10 worst movies of 2009 so far!
advertisementGet Smart about Business Spending

December 1, 2004 5:17 PM PST

Phishers lie in wait for Google searchers

By Munir Kotadia

  • Post a comment
Related Stories

New browser sniffs out phishy sites

 December 1, 2004

Report: Cost of phishing not so high

 December 1, 2004

Automated phishing on the rise

 November 23, 2004

Caught in a phishing trap

 November 17, 2004
Phishers are setting up fraudulent e-commerce Web sites and simply waiting for victims using Google and other search engines to find them, a security company has warned.

Traditionally, phishing scammers have lured their victims to fraudulent Web sites by sending official-looking e-mails that are ostensibly from well-known companies asking users to 'verify' their user names and passwords. Now many are setting up legitimate looking e-commerce sites that disguise links to malicious software as pictures of goods on sale, CyberGuard said Wednesday.

Paul Henry, a senior vice president at CyberGuard, said that when Web shoppers search the Internet looking for products they want to buy, they could be directed to a plausible e-commerce site that instructs them to "Click here to download images" of the product.

Related feature
Have you been phished?
Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

Henry said that instead of linking to pictures of the advertised product, the links point to a self-extracting Zip file that installs a Trojan horse on the victim's computer. The program could then steal personal and financial information.

"If it looks too good to be true, it probably is. Don't let the Grinch steal your Christmas," Henry said.

The warning comes a week after the Anti Phishing Work Group, or the APWG, said it suspected that a phishing tool kit, which could help create and automate phishing attacks, was being distributed on the Internet.

In early November, e-mail security company Messagelabs warned of a new phishing method that did not require the user to open an e-mail attachment or click a link.

Messagelabs said it had discovered some malicious e-mails that, when viewed, could run a script that manipulated certain files on the victim's computer. The next time that computer attempted to log on to a legitimate banking site it would automatically be redirected to a fraudulent Web site.

Munir Kotadia of ZDNet Australia reported from Sydney.

See more CNET content tagged:
CyberGuard Corp., phishing, e-commerce, MessageLabs Ltd., victim

advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Dow Jones Industrials (0.72%) 73.00 10,270.47
S&P 500 (0.57%) 6.24 1,093.48
NASDAQ (0.88%) 18.86 2,167.88
CNET TECH (0.63%) 9.86 1,587.17
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET