Remember a couple of weeks ago I talked about zombies. Specifically how the implicit trust we have in social media tools is providing an opportunity for bad guys to turn your computer into a zombie that can be controlled to steal identities, personal information, or take down important websites.
Well, the security experts at RSA (the security division for EMC) have been posting blog posts on the very same topic! Sam Curry says in this post that this past July saw a new record high of 13,212 phishing attacks. He says:
Online criminals are also using technology better: more leverage of DNS and less reliance on IP addresses means a large, redundant network of phishing sites.
He also quotes Jacqui Cheng from Arstechnica.com:
“Of course, both companies are only talking about e-mail phishing scams in their reports. Researchers and IT admins have been warning that social networks are increasingly becoming vectors for phishing attacks, and in-session phishing attacks (after you already log into a legitimate website) are becoming more prevalent as well. Clearly, the Web is where it’s at when it comes to seeding new attacks into the wild, so the “drop” in phishing scams might be better described as an evolution.”
If you are interested in details of how one of these attacks work, check out this post from RSA Labs. The post talks about the Zeus Trojan, which steals personal information once it has been downloaded onto your computer. As soon as it has the info, it uses Jabber (an instant messaging tool) to send the personal credentials to a criminal who then use the credentials. The scary thing? RSA Labs traced the trojan from financial institutions in the US.
So be careful out there guys!