More from Brian Krebs's astounding blog post today.
"As the chart I compiled above indicates, attackers are switching the lure or spoofed brand quite often, but popular choices include Amazon.com, the Better Business Bureau, DHL, Facebook, LinkedIn, PayPal, Twitter and Verizon Wireless.
Also noticeable is the lack of antivirus detection on most of these password stealing and remote control Trojans. The average detection rate for these samples was 24.47 percent, while the median detection rate was just 19 percent. This means that if you click a malicious link or open an attachment in one of these emails, there is less than a one-in-five chance your antivirus software will detect it as bad." (emphasis added)
So, think this through for a moment. You get a phishing email that looks like it comes from a trusted vendor. You click on a link that whisks you off to a site infected with malware that tests your browser for vulnerabilities, and if the malware finds a hole, your PC gets infected. And to reiterate: "there is less than a one-in-five chance your antivirus software will detect it as bad."
It took a moment to penetrate my thick skull, but that is when the thought: "OMG - I did not know it was THIS horrible" came to me.
We have GOT to train everyone, their family and friends to not fall for these phishing attacks.
Here is a link to his blog post, and he has a spreadsheet with the actual numbers you can download.