Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
New Scam: Hackers Use Phony Certificate To Seal Victims' ID-Fates
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.
1 Min Read
A new approach to password/account info-theft appeals to users' desire for enhanced protection, rather than directly asking for info. The scam asks users to install an important digital security certificate -- which is, of course, anything but secure.Noted by security firm F-Secure over the last few days, the so-called "fly phishing" con looks as slick and "legit" as any I've seen.
Its masterstroke is its spot-on mimicry of banker boilerplate (and for that matter of techy install-prose) as it walks the recipient through the steps required to install the digital certificate that will enhance their security and simplify their bank's sign-on process.
What's installed, for those who bite at the fly phish, is a trojan that then captures passwords, account numbers etc.
The user is never once asked for an identifying number or piece of confidential information.
This one is smooth and polished, with a razor-sharp barb that might prove more effective than the "we need your password" approach that has long-since approached and passed the point of diminishing returns.
F-Secure has a nice YouTube video of the scam here.
About the Author
You May Also Like
More Insights
