New phishing trick

Yet another indicator that we can never rely on technology alone to protect computers or kids. In this case, it’s a sneaky phishing scam to grab Net users’ social security and credit card numbers, among other sensitive info. The Register says it’s “able to spoof eBay, PayPal and other top Web destinations without triggering antiphishing filters in IE 7 or Norton 360.” It got this from a Londoner who “says he's been careful to practice good PC hygiene. He runs Norton 360 and uses the latest IE version, which Microsoft has taken pains to lock down with a variety of safety features, including one that alerts users when they visit many spoofed sites. He's also careful to examine the certificates that accompany financial sites he visits before logging in to them.” So this one surprised him. The Register heard from a security expert who “guesses those experiencing this attack have inadvertently installed an html injector. That means the victims' browsers are, in fact, visiting the PayPal website or other intended URL, but that a dll file that attaches itself to IE is managing to read and modify the html while in transit.” It helps to be a good speller and grammarian, because typos and bad grammar are frequent giveaways in phishers’ emails that otherwise look like Paypal or your bank.