As online shopping gets into full swing, phishers are setting up fraudulent e-commerce Web sites and simply waiting for victims using Google and other search engines to find them.
Published: December 3, 2004, 12:00 PM PST By Steven Musil Staff Writer, CNET News.com Traditionally, phishing scammers have lured their victims to fraudulent Web sites by sending official-looking e-mails that are ostensibly from well-known companies asking people to "verify" their usernames and passwords. Now many are setting up legitimate-looking e-commerce sites that disguise links to malicious software as pictures of goods on sale. Instead of linking to pictures of the advertised product, the links point to a self-extracting Zip file that installs a Trojan horse on the victim's computer. The program could then steal personal and financial information. In response to the emerging threat, a browser promises to detect phishing sites and nail an increasingly prevalent type of floating Web ad. Deepnet Explorer, a browser shell that uses Microsoft's Internet Explorer to render Web pages, analyzes Web addresses and combs through its own list of suspect sites to determine whether a site might be part of a phishing scam, in which fraudsters attempt to get personal and payment information from unsuspecting visitors.
The only easy day was yesterday.
...some do, some don't; some will, some won't (WR)