New Phishing Method Challenging PC Security Experts

posted in : Antivirus News Blog | comment : 0

Phishing has been a persistent threat to computer users for many years. It refers to the efforts made by a hacker to get somebody to give out personal information online.  This is usually done through fake emails from your bank, malicious websites, or other simple tricks.

But PC security firm ESET has warned that hackers have stepped up their phishing efforts. Today, hackers are using infected HTML and HTM files to trick the user into entering information on a web form. These HTML files are usually sent out as an email attachment. That email will tell users that it needs to download a particular file in order to officially register their account or to be approved for some credit card.

Once you download and click on the HTML attachment, it could open a form in which you enter personal information. Or, it could simply infect your computer with a virus. For all intents and purposes, it will appear to be an official looking web form from a trusted source.

The advantage of using an HTML file is that it can be difficult for antivirus software to detect it. When an HTML file is saved onto your computer and then opened, your computer is using intranet access as opposed to its internet connection. This means that the antivirus software’s URL filters won’t be triggered.

You see, to prevent phishing attacks, your antivirus software uses a database filled with reputation data about certain websites. If a lot of users have been infected after visiting a certain website, then the reputation filter will be triggered whenever you click on a link to that website. When you’re opening an HTML file locally on your computer, you’re not technically visiting a website on the internet.

So, even though the HTML file may open up in a browser window, your antivirus software may not see it as a threat. It simply is not expecting a phishing attack from that part of your computer.   

Protecting yourself from phishing malware

So how do you protect yourself from these scams? Well as clever as these new phishing attacks may be, they’re not impossible to spot. They often feature poor grammar and awkward wording, and may say things like, “kindly download the attachments file”. If an email from your bank has spelling mistakes, you’re either using the wrong bank, or you’re about to fall victim to a phishing scheme.

While these new HTML based phishing attacks may be harder to spot, that doesn’t mean that good antivirus software can’t protect your PC. Take a look at our top 10 antivirus software programs listed above. Many of them have anti-phishing support and can easily spot any scam emails you encounter.

Tags: , ,

No Comment