21. October 2009 · Comments Off on Phishing emails have become more convincing · Categories: Botnets, Funds Transfer Fraud, Malware, Social Engineering · Tags: , , ,

The "quality" of phishing emails continues to improve. In other words, the attackers continue to make their phishing emails seem legitimate and thus trick more people into taking the emails' suggested actions. An article in Dark Reading this week discusses research done by F-Secure about new, more convincing, phishing attacks generated by the Zbot botnet which attempts to infect victims with the Zeus trojan. I wrote about how the Zeus trojan is used as a keylogger to steal banking credentials which enable funds transfer fraud

While one might have considered the Dark Reading article a public relations piece for F-Secure, its validity was increased for me by Rich Mogull at Securosis who wrote about  "the first phishig email I almost fell for," i.e. one of these Zbot phishing emails.

If a security person like Rich Mogull, who has the requisite security "paranoia DNA" can almost be fooled, then the phishing attackers are indeed improving their social engineering craft.