Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Phishing scam

Known types and aliases: HTML/Smithfraud.gen, HTML/Tcfbankfraud.gen, HTML/Bankfraud.gen, Phish-BankFraud.eml, HTML/Phishing.gen

This is a so-called "phishing scam". It is a counterfeit e-mail message, mass-mailed by various groups of hackers, that deceives gullible users into disclosing credit card numbers, bank account information and various personal details. The professionally crafted e-mail message claims to come from a bank, financial institution or an ISP and usually demands the confirmation of personal data. After clicking the link, users are sent to a fraudulent site, which looks just like the institution's web site and are asked for various sensitive information.

Details

This trojan does not install anything into the system. It comes in a form of an e-mail message and utilizes the "social engineering" technique to make users fill in their personal data on a fraudulent web site. Receiving this e-mail, opening it, or viewing the attachment is not harmful. There are a large number of modifications of this scam that imitate various banks and institutions. The text in the message often urges or threatens users to carry out the requested action. The groups behind the "phishing" make a profit from the submitted information.

Spreading

"Phishing scams" are mass-mailed by groups of criminals. Although they are received by e-mail, they do not spread themselves.

Manual removal

The deletion of the e-mail message.

Precautions

Beware when asked for private information. Do not click on links in e-mail and do not copy-paste them into your browser. Open a new browser window and type in the company's correct address. Make sure such requests are genuine by, for example, calling a known company's phone number. Do not send sensitive information by e-mail. Legitimate companies do not ask you to send important data by e-mail.