Phishing Scam Alert: New Breed of Phishing Scam Targets eBay, PayPal and Other Top Banking Sites
A powerful new phishing technique has been discovered that is able to spoof eBay, PayPal and other top web destinations without triggering anti-phishing filters in Internet Explorer 7. This phishing tactic is not initiated by clicking on a link in an email or instant message, but by actually typing in the address to these sites manually.
What to do:
Phishing scams are a serious threat:
Watch for bad grammar and poorly written statements when using online bank accounts.
Make sure your INVISUS Security software is updating automatically.
Make sure your computer is scanned regularly (as scheduled or done manually) with the INVISUS security suite.
If possible, download and use Firefox as your primary Internet browser, instead of Internet Explorer, until these issues have been resolved by Microsoft.
Make sure your Automatic Updates for Windows is turned on so you will receive any new patches for IE7 as soon as they are available.
More information:
After attempting to log in to PayPal and other online accounts, the user is prompted for his/her date of birth, social security number, mother's maiden name, credit card details and other sensitive information. Be aware that these online businesses will not ask for such detailed information in this way, and always look out for poor grammar. Badly written websites, emails and instant messages are a sure sign of a phishing scam. The PayPal phishing site reads:
"We have noticed an increasing fraudulent activity recently. In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access. Please enter as more information as possible to provide your complete identification and to activate all the features of the new system."
Online websites that are known to have been hit are PayPal, HSBC Bank, eBay and Barclays Bank. More websites may be discovered soon. The phishing website for HSBC reads:
"Sorry, we unable to recognize digits from your security number. Please enter full security number below."
Those experiencing this attack have inadvertently installed an html injector. That means the victims' browsers are, in fact, visiting the PayPal website or other intended online account, but a file has attached itself to Internet Explorer and is managing to read and modify the web pages that are visited. After entering the information asked for, the html injector sends the user to the real website, but forwards all the sensitive information to the hacker. These phishing websites have bypassed Norton 360 and other major security phishing filters.
(Alert Release Date: 5/25/07)
Created by INVISUS®
www.myinvisusdirect.com/JSasser
A powerful new phishing technique has been discovered that is able to spoof eBay, PayPal and other top web destinations without triggering anti-phishing filters in Internet Explorer 7. This phishing tactic is not initiated by clicking on a link in an email or instant message, but by actually typing in the address to these sites manually.
What to do:
Phishing scams are a serious threat:
Watch for bad grammar and poorly written statements when using online bank accounts.
Make sure your INVISUS Security software is updating automatically.
Make sure your computer is scanned regularly (as scheduled or done manually) with the INVISUS security suite.
If possible, download and use Firefox as your primary Internet browser, instead of Internet Explorer, until these issues have been resolved by Microsoft.
Make sure your Automatic Updates for Windows is turned on so you will receive any new patches for IE7 as soon as they are available.
More information:
After attempting to log in to PayPal and other online accounts, the user is prompted for his/her date of birth, social security number, mother's maiden name, credit card details and other sensitive information. Be aware that these online businesses will not ask for such detailed information in this way, and always look out for poor grammar. Badly written websites, emails and instant messages are a sure sign of a phishing scam. The PayPal phishing site reads:
"We have noticed an increasing fraudulent activity recently. In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access. Please enter as more information as possible to provide your complete identification and to activate all the features of the new system."
Online websites that are known to have been hit are PayPal, HSBC Bank, eBay and Barclays Bank. More websites may be discovered soon. The phishing website for HSBC reads:
"Sorry, we unable to recognize digits from your security number. Please enter full security number below."
Those experiencing this attack have inadvertently installed an html injector. That means the victims' browsers are, in fact, visiting the PayPal website or other intended online account, but a file has attached itself to Internet Explorer and is managing to read and modify the web pages that are visited. After entering the information asked for, the html injector sends the user to the real website, but forwards all the sensitive information to the hacker. These phishing websites have bypassed Norton 360 and other major security phishing filters.
(Alert Release Date: 5/25/07)
Created by INVISUS®
www.myinvisusdirect.com/JSasser
Latest Stories
Destination wedding and honeymoon in the Greek islands
by Olympia G.
Tissue Paper Tassels
by Jason R.
Next Level Mastermind - Internet Lifestyle Network
by Shirley-Ann Pearman
Total lunar eclipse, 'blood moon'
by Ljerka S.
How to make a page on Facebook to Like
by Magic Man
America getting prepared for Civil War
by Donna Bartley
Identity Theft Avoidance Tips
by Brandon Bussey
More Benefits of The Perfect Internet
by Garry Heywood
Domain - Hosting - Commissions - Residual Income
by Shirley-Ann Pearman