Training >> Browse Articles >> Applications


Harmful Phishing Attacks Get Personal

Harmful Phishing Attacks Get Personal

USA Today | Kim Komando

You know to watch for phishing attacks, which use e-mail messages purporting to be from legitimate businesses to trick you into divulging private information. You’re cautious and use a good spam filter, but phishing messages still get through. And these messages are more dangerous than ever.

According to Cisco, almost 200 billion spam messages are sent daily. They have one thing in common: They want your money.

Most computer users can spot phishing messages. Unfortunately, cybercriminals have become more sophisticated, too. Targeted phishing attacks account for 0.4% of spam. That may seem minor, but it’s 800 million messages a day.

For example, you receive a message purportedly from your Internet service provider. It greets you by name and says your billing information is outdated. It says you must click a link to update your information. If you comply, your information will be stolen. This is the type of targeted attack you will see more of in 2009.

Phishing on the rise

Small phishing attacks don’t receive much publicity. And the scammers’ use of personal information to hook you increases trust. So, small, targeted attacks are often more lucrative than large ones.

Criminals can pull information about you from public sources, or someone may be tricked into disclosing it. Either way, it is used to tailor the messages.

You won’t see a long list of recipients in targeted attacks. You may also notice a difference in the sender’s address. Criminals used to spoof e-mail addresses. Spoofing is a quick, easy way to cover tracks. But spam filters can spot questionable e-mail addresses. Criminals now create new accounts with reputable providers. Or, they hack users’ e-mail accounts. This helps criminals get past spam filters.

People who do business with large financial institutions are still prime targets, but clients of small or regional institutions are also targeted, along with those of ISPs and alumni organizations.

Phishing messages generally request your personal information. They may also instruct you to install a fake security update or a malicious browser plug-in. Do that, and kiss your personal information goodbye.

Criminals reverse engineer updates to understand the flaws they fix. Then they start probing computers over the Internet for vulnerabilities. If you’re accessing the Internet without using a firewall to keep out intruders, keylogging software could be installed on your machine. Or, your computer could be added to a botnet, a group of compromised computers doing the scammers’ bidding.

Criminals get social

Criminals aren’t just targeting e-mail accounts. They’re also turning to social-networking sites. For example, a recent worm infected Facebook users’ computers with malware. Compromised accounts were then used to send spam.

There’s also the case of College Prowler. It created more than 300 Facebook user groups. The company was probably gathering information for marketing purposes.

College Prowler may be legitimate, but this case underscores one thing: Marketers and criminals alike will do anything to get your data.

Be vigilant

Your best defense is vigilance. Only a company run by dummies would request personal information via e-mail. It’s possible, but it’s unlikely.

Let’s say you get such a message. Hover your mouse cursor over any e-mail links. This will get you the real e-mail address. So, does your bank have a server in Bulgaria? Probably not. Better delete that e-mail.

You could receive a message purportedly from your boss. Why would he need your Social Security number at 3 a.m.? And why does he want you to reply to Outer Mongolia? At the least, talk to him before answering.

Standard security measures are still important. Keep your antivirus and anti-spyware software updated and running. Install Windows updates when they’re released. Criminals are exploiting disclosed bugs faster than ever.

Earn Your Administrative Degree!

Campus or Online Programs
Featured Opportunity

An administrative degree can help you develop skills and help you pursue your dreams, so why not get started? Our degree finder can help you find programs online and in your area.

Get more information

Use a spam filter. You’ll find links to free spam filters and security software at

But remember, you’re never 100% safe. Approach requests for personal information carefully. Don’t let criminals take advantage of you.

And do your friends and family a favor. Forward this column to them now. Wish them a less spammy 2009!

Kim Komando hosts the nation’s largest talk radio show about computers and the Internet. To get the podcast or find the station nearest you, visit To subscribe to Kim’s free e-mail newsletters, sign up at Contact her at

Courtesy of © 2008 YellowBrix, Inc.

AdminSecret School Finder

Save time in your search for a degree program. Use AdminSecret's School Finder to locate schools online and in your area.

* In the event that we cannot find a program from one of our partner schools that matches your specific area of interest, we may show schools with similar or unrelated programs.

Recent Activity

romanico received the quiz result of "21-50% correct: Good effort", about 2 years ago.
tmiller received the quiz result of "Satisfactory", about 2 years ago.
new2admin gave a thumbs down to The Article "6 Ways Finding a Dream Job Is Like Finding Your Soul Mate", about 2 years ago.
kinsh1987 received the quiz result of "Legal Secretary ", about 2 years ago.
LoraJ commented on: "Lora Coats", about 2 years ago.