Lavasoft Support Forums > Phishing Evolving

Lavasoft Support Forums > Security News > Malware Alerts

GoddersUK

Mar 1 2009, 03:04 PM

With companies such as GMail now taking action to try and block phishing messages:

Click to view attachment

Phishers are having to try harder to get their messages through the protection systems about, and I've seen a message trying this in a way I've not seen before:

Click to view attachment

Now it's entirely possible that lots of people will read that and think it makes sense and open the attachment. But wait a second, isn't this a bit suspicous? An unsolicited email, claiming to be from my bank, that doesn't address me by name asking me to log in using a link they've provided. And asking me to open an attachment. And wait a second, on this page (http://www.hsbc.co.uk/1/2/security/phishin...g_3nP:12ntf16af) HSBC themselves tell me not to open unsolicited attachements. Very phisy.

Being quite concerned, and not wanting anything nasty on my computer, I fired up Google Docs to take a look at it, while reducing the risk of it harming my computer. Here's what I saw:

Click to view attachment

A fairly official looking document that had managed to pass GMail's phishing filter and presented me with an official looking URL. But wait a second, where does that link lead?

Click to view attachment

Oh dear... not the HSBC website.

So, how to protect yourself? Always beware emails claiming to be from your bank, it they're real they'll adress you by name (or postcode or some other information the phishers shouldn't know), they'll never ask you for (or to verify) any security details and NEVER click on the links in the emails - type your banks website in the adress bar yourself.

If you recieve an email you suspect to be phishing there's a few things you can do:

Report it to the email provider (e.g. for GMail, Hotmail:)

Click to view attachment Click to view attachment

Report it to the bank (they should have an report phishing email address, found on their website e.g phishing[at]hsbc[dot]com)

report it in your web browser (e.g. for FF and IE:)

Click to view attachment Click to view attachment

And if you entered any personal information contact your bank by telephone or branch IMMEDIATLY.

For more information please visit: http://www.getsafeonline.org/ and http://banksafeonline.org.uk/

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.