Online security experts have raised the alert level on yet another e-mail
virus ‘phishing’ for PayPal credit card numbers and other sensitive
information.
Just days after the appearance of
the MiMail.I worm, anti-virus firms have started detecting a new, more
sophisticated MiMail.J variant that has grown into a mass-mailer.
MessageLabs slapped a ‘High
Risk’ rating on MiMail.J, warning that the virus is already circulating
in 77 countries across the globe.
In recent months, scammers have been using the high-tech ‘phishing’
tactic to swipe credit card
numbers, bank account information, Social Security numbers and user
passwords but the latest trend to integrate phishing with e-mail borne virus
suggests a new level of sophistication, experts say.
For instance, while MiMail.I was programmed to trick users into entering
credit card numbers, PIN codes, expiration dates and the CVV personal
security
code printed on the back of cards, the MiMail.J variant has added fields for
mother’s maiden name and social security number.
The addition of those fields in the latest mutant could lead to
widespread identity theft instead of just an exploitation of a PayPal
account or credit card.
Symantec Security Response warned that MiMail.J distribution is high.
MailFrontier Fights Back
The latest twist on the scourge comes as Palo Alto, Calif.-based security
messaging vendor MailFrontier released the gold version of its Matador 3.5
anti-fraud software, an application that quarantines
e-mails it suspects are phishing messages.
MailFrontier’s Matador 3.5 uses proprietary analytics to automatically
detect and categorize fraudulent e-mails for Outlook and Outlook Express
users. The software, which doubles as a spam
includes alerting capabilities to allow customers to report phishing
attempts.
In an interview, MailFrontier CEO Pavni Diwanji told
internetnews.com phishers were successful in eliciting people’s
information around 40 percent of the time, a startling statistic when compared to the 0.1 percent success rate for regular spam.
“In September, we were seeing in the range of 80 million e-mails from
fraudsters (phishers). In October, that went up to 100 million and we
expect it to increase significantly during the Christmas shopping season,”
Diwanji said.
Before MailFrontier started separating phishing mail from regular spam,
Diwani said the company’s subscribers regularly unjunked phishing mail
because they were fooled into believing they were legitimate mail from
PayPal or eBay.
“About 40 percent of our users would regularly fall for these scams and
even accused us of blocking their legitimate mail. That is a terrifying
statistic,” Diwanji declared. “The scammers are becoming more sophisticated
and even for the savvy Internet user, it’s a serious threat. Vigilance has
to be mixed with improved technology, she added.