Recent phishing attacks prompt the need for some security advice for e-mail users.When you hear about a phishing attack on e-mail accounts, it's easy to assume that the victim was just too gullible. But as recent attacks on Gmail, Hotmail and Yahoo Mail have demonstrated, the old rule of "don't open attachments or click links from untrusted sources" isn't always enough to fend off a targeted phishing attempt.
Security firm Trend Micro has dissected the attacks to figure out how they worked. Here are a few key takeaways:
Friends Can't Always Be Trusted
Everyone knows to treat certain kinds of e-mails with suspicion, the like the one from your bank claiming that it needs to verify your user name and password. But the recent spearphishing attacks on Gmail users were made to look like they came from friends, family, or colleagues. This trick made victims more likely to open attachments and click on links to fake log-in pages.
Sometimes, You're Powerless
In late May, Trend Micro discovered a vulnerability in Hotmail that could compromise a user's account just by previewing an e-mail. The malicious messages, specially crafted for individual targets, triggered a script that could steal e-mail messages and contact information and forward new messages to another account. Microsoft has already patched this vulnerability, but only after real-world attacks were discovered. Read More
