Newest Phishing Scam Employs Legitimate Web Sites

By Cameron Sturdevant  |  Posted 2004-07-06

Phishers are beginning to bait the hook by directing marks to a legitimate institution's Web page that describes password security.

Increasingly sophisticated phishing attacks are chipping away at the reliability of e-mail and Web-based applications as a trusted form of communication for business transactions. And the Anti-Phishing Working Group's latest report doesn't hold much comfort.

The APWG's latest monthly report, issued last week, indicates that the Citibank brand was again the No. 1 target for fraudulent e-mail-based scams. There were nearly 1,200 unique phishing attacks reported to the APWG in May, which is 6 percent more than in April.

When I talked with APWG spokesperson Dan Maier, I learned about an emerging phishing technique that's not in the report but worth describing for enterprises as well as Internet users.

Phishers are beginning to bait the hook by directing marks to a legitimate institution's Web page that describes password security. A week later, the phisher sends the potential victim a "follow up" e-mail strongly encouraging the victim to create a new password using the guidelines that were pointed out the week before.

It's just one more step in the social engineering of a scam designed to rip off even fairly well-trained Internet users.

Until there is a reliable, authenticated method of communication for business, I'll continue to deep-six unexpected messages that are supposedly from financial institutions I use.

Fortunately, Ziff Davis' perimeter anti-spam filter, combined with my desktop anti-spam client, is still keeping my in-box phish-free.


Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
