The bad guys are getting smarter

Continuing on the theme of “More Ways Your Poor Computer Is Under Attack,” we look today at the phenomenon of phishing, a scheme that gets hold of your personal information in a very simple way – by tricking you into willingly providing it.

You already know that you should avoid following web links in e-mail messages. A spoofed message claiming to be from PayPal, for example, can direct you to a fake website that looks just like PayPal, which then captures the password and credit card information you type in. Fraudulent purchases, or even identity theft, are likely to follow.

Fortunately for us, most of the hackers behind these tricks know their way around a computer, but not a dictionary. Lousy spelling and grammar are a good tip-off that you’re on a bogus site.

That’s why I was surprised to learn of a new Trojan horse called Kardphisher, which mimics the activation procedure for Windows XP. If the Trojan gets onto your computer, it waits until you reboot and then informs you that you have to “re-activate” your copy of Windows.

On the next screen, Kardphisher gets down to business.

For the record, Microsoft does not request credit card numbers during activation, and it certainly wouldn’t ask for your ATM PIN.

Nonetheless, Kardphisher is a well-designed hack. I saw no grammar or spelling errors; just a clumsy use of punctuation.

The Trojan is not widespread, and Symantec rates it a very low risk. Any updated anti-virus program will be able to deal with it, so odds are you will never see this on your computer.

However, it’s worth knowing about, because anti-virus programs and firewalls are no substitute for vigilance. We all need to pay close attention to what we are doing on the computer, because the bad guys have learned how to spell.