Instant Messages Carry Latest Phishing Scams

Security experts on Thursday reported that instant messages advertising links to malicious URLs have begun appearing, and that such URLs could lead to phony Web sites used as fronts for phishing scams.

Phishing is the act of creating a clone of a commercial Web site (typically a banking, investment firm or retail Web site), then luring the customers of the legitimate site to the clone with requests to update personal information like passwords. Once the "phishers" obtain user names and passwords, victims of the scam risk having their accounts emptied.

One sample phishing scam sent an instant message pop-up reading "you have been sent a picture. To view it, Click here," wrote George Bakosto, an event handler at the Internet Storm Center, Bethesda, Md., in a statement on its Web site. "In this sample, the From address is four random letters. However, a trusted name could be used."

Of this new form of phishing, Bakosto wrote, "It is important to understand that most instant messaging systems use only weak authentication schemes. Instant messaging is not a tool for exchanging confidential information. Only a few instant messaging systems allow for encryption and sophisticated authentication. If you need instant messaging to communicate confidential information, use a system that allows you to control the server and provides for encryption and reasonable authentication. Jabber is an example of a free package [with these capabilities]."

Similar instant messaging schemes have been used a few times in the past to distribute viruses, according to Bakosto.