Can we protect ourselves?

Nov 13, 2007 21:46 GMT

Recently, more and more reports have announced new phishing schemes affecting more or less famous technologies. Very often, these phishing attacks are meant to steal users' information so that it can be used in other malicious activities. Starting a few days ago, numerous well-known and respectable technologies, including Google's video sharing service YouTube, have been involved in more or less critical attacks. How does a phishing scheme work? Usually, the attacker sends spam messages to users, asking them to enter their usernames and passwords on a website in order to do something. For example, an attack concerning MSN Messenger asked users to visit a page and enter their usernames and passwords to keep their accounts active and avoid their removal.

Obviously, the websites are fake, but what's more dangerous is that they often look exactly like the genuine ones, making users believe they are on the original pages. After the visitor enters his details, the information is sent to the attacker, who uses it for his own goals. In the MSN case, the attackers logged into the MSN accounts and sent messages to the victims' contacts to bring them to the malicious page, which could obviously yield more usernames and passwords.

But other phishing attacks might attempt to infect users' computers so that the attackers can access the systems without any restriction. For example, a YouTube phishing scheme reported today by the folks at F-Secure targeted fans of the Google video sharing service, asking them to install a malicious, fake version of Adobe's Flash Player. Obviously, it was only a Trojan which could give more permissions to the attackers.

So how can we protect ourselves against these attacks? There's not much to do, because you can easily discover a phishing attack by analyzing the URL in your browser's address bar. If there's something wrong with the link, avoid entering your credentials, and keep in mind that account providers will never ask you for your private details.
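What "something wrong with the link" can mean in practice is sketched below as an added example, not code from the original article. The hosts in `EXPECTED_HOSTS`, the function name `check_login_url` and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the login hosts this user actually expects (constructed list).
EXPECTED_HOSTS = {"login.live.com", "www.youtube.com"}

def check_login_url(url, expected=EXPECTED_HOSTS):
    """Return the reasons a URL should not be trusted with credentials."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # Text before '@' is userinfo; the real host comes after it.
        reasons.append("userinfo before '@' disguises the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label, possible lookalike characters")
    if host not in expected:
        if any(good in host for good in expected):
            # e.g. login.live.com.<other domain>: genuine name used as a prefix
            reasons.append("genuine name embedded in a different host")
        reasons.append("host is not an expected login host")
    return reasons

# Constructed samples (example.* and 203.0.113.0/24 are reserved for documentation).
SAMPLES = [
    "https://login.live.com/",
    "http://login.live.com.account-check.example/keep-active",
    "https://login.live.com@203.0.113.7/keep-active",
    "https://www.xn--yutube-constructed.example/watch",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_login_url(url) or "no warnings")
```

An empty result only means none of these particular disguises was found; it does not prove the page is genuine.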

In addition, you can always install an anti-phishing utility which can detect the pages and block you from visiting them. However, with more and more phishing pages rolled out every day, it's pretty difficult even for a powerful tool to keep its database up to date and protect consumers.