PandaLabs has detected a phishing attack against clients of the SouthTrust bank and the international PandaLabs network has already registered numerous incidents worldwide related to this attack.
The e-mail message used in this new phishing attack purports to come from those in charge of security at SouthTrust, affirming that, due to certain security checks, users should go to a certain web page and enter their confidential details.
Those responsible for this attack are using several Internet domains to host these false web pages and each one of them has several IP addresses with different geographical locations.
In addition, and even more dangerously, the fraudulent e-mail uses a JavaScript function to spoof the address that the user sees in the browser bar, so that the victim believes at all times that they are really in the SouthTrust servers and that it is a secure connection.
“This is an elaborate attack in comparison with those that we usually see. The use of several domains to host spoofed web pages makes it more difficult to disable them. Similarly, and given the numerous reports we have had relating to this attack, it would seem that the criminals have gone to a lot of trouble to ensure they reach as many victims as possible,” explains Luis Corrons, director of PandaLabs.
“Phishing is on the increase. Everyday new attacks are detected and it is advisable to take the necessary precautions. As a general rule, users should not enter confidential data in these kinds of cases, regardless of the reason given in the e-mail message.”
Practical tips to combat phishing
– Never access Internet services through links, as there are various ways for spoofing the addresses that users see in the browser bar. Instead, type in the URL directly in the address bar.
– If you think an e-mail message could be part of a phishing attack, don’t enter any data and contact the bank in question.
– Use technological solutions to minimize the impact of this type of attack. The best practice is to use security suites including anti-phishing technologies and that update regularly to prevent the most recent attacks.
Make sure your computer is free from viruses, spyware and other Internet threats. One way is to use the free online solution Panda ActiveScan http://www.activescan.com .
For more information go to http://www.pandasoftware.com/virus_info or contact Panda Software Cyprus on 22441514, [email protected] .
