Many users are more than familiar with the bait. An email arrives from a familiar company (Amazon, eBay, PayPal, Chase Bank) claiming that personal information has been compromised or that an account is about to expire. The reader is asked to click on a link to confirm information. Those who are lured click on the link, where they are asked for their username, password or other vital information. Once they complete the forms, they’ve been caught – the readers’ personal information is transmitted to the crooks.
Tech-savvy young gangsters have earned tens of millions of dollars from email phishing attacks. Consumers are urged to be on the lookout during this latest burst of crimeware attacks, according to Peter Cassidy of the Anti-Phishing Working Group. The latest ploy comes in the form of an email or instant message from someone familiar, usually a friend whose address book has been compromised. The email urges the reader to click on a link or open an attachment to view vacation photos. While attempting to view the photos, the reader unknowingly downloads a keylogging program onto their own computer. This malicious program tracks the user’s keystrokes and waits for the user to log into an online account. Once the user’s account information has been obtained, the user’s bank accounts, credit card information and personal information are all at risk.
"Crimeware attacks are surging," said Cassidy, who warned these attacks are much more potent than the social engineering attacks.
While the growth of social engineering phishing emails seems to have tapered off, according to Cassidy, there has been a boom in technical subterfuge or crimeware attacks. Last year, Brazilian police arrested more than 50 people, many of them under the age of 25, for stealing over $30 million from online banking customers.