Phishing schemes have moved into the realm of instant messaging.
Security experts on Thursday reported that instant messages advertising links to malicious URLs have begun appearing, and that such URLs could lead to phony Web site fronts used for phishing scams.
Phishing is the act of creating a clone of a commercial Web site (typically a banking, investment firm or retail Web site), then luring the customers of the legitimate site to the clone with requests to update personal information like passwords. Once user names and passwords are obtained by the “phishers,” victims of the scam risk having their accounts emptied.
One sample phishing scam sent an instant message pop-up reading “you have been sent a picture. To view it, Click here,” wrote George Bakosto, an event handler at the Internet Storm Center, Bethesda, Md., in a statement on its Web site. “In this sample, the From address is four random letters. However, a trusted name could be used.”