Paypal Phishing Application - How Gullible are you?
Posted Mon, Oct 8 2007 18:24 by Harry Waldron
This phishing attack captures the most extensive privacy and account information in a "one stop" shopping attempt that I've seen so far. You'd better know your genealogy well, and be ready to provide your SSN, driver's license, bank account, credit card info, etc., in this phishing attack originating out of Denmark.
The graphics and presentation are well done, from a social engineering standpoint. However, the obvious clue is the amount of sensitive information requested. Continued education and emphasis are needed, so that inexperienced users will avoid compromising their privacy and avoid becoming victims of fraud.
F-Secure: How Gullible are you?
http://www.f-secure.com/weblog/archives/00001288.html
http://www.f-secure.com/weblog/archives/hugepaypal.gif
QUOTE: Now, take a look at the list of questions they're asking. It's quite astonishing that anybody would be gullible enough to go through the full form and type in all the required information. Like your e-mail password? Your father's day of birth? Your PIN? Then again… somebody will fall for this. Someone always does.
Some best practices to avoid phishing attacks:
* Avoid answering any email solicitations you did not originally request
* If this email was captured by a spam filter, there's a strong likelihood it's not legitimate.
* Look at the URL carefully for how it deviates from the true parent site.
* Use the latest browsers (as IE 7, Firefox, and Opera all employ phishing filters)
* Test the URL with Site Advisor or other similar tools
* Never share any sensitive information in an email message
* Go through the primary website and navigate to your account (rather than using any email links)
* Remember that phishing attacks are the "norm" rather than the "exception" (banks or other entities normally don't use email but rather phone calls or postal mail)
* Look for spelling errors or other clues that the website may not be authentic
* When in doubt, don't do anything electronically.
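
The advice above to look at how a URL deviates from the true parent site can be checked mechanically. The following is an added example, not part of the original post: the function name, the reason labels and the sample links are all constructed for illustration, and `paypal.com` is assumed as the trusted parent domain.

```python
import ipaddress
from urllib.parse import urlsplit

def link_deviations(url, trusted="paypal.com"):
    """Return the ways `url` deviates from the `trusted` parent domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # lowercased, no port/userinfo
    brand = trusted.split(".")[0]
    reasons = []

    if parts.scheme != "https":
        reasons.append("not-https")
    if parts.username is not None:
        # Text before '@' is login data; the real host is what follows it.
        reasons.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-address-host")
    except ValueError:
        pass                                     # a name, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-label")         # may render as a lookalike

    # Only an exact match or a true subdomain counts as the parent site.
    on_trusted = host == trusted or host.endswith("." + trusted)
    if not on_trusted:
        reasons.append("host-not-under-trusted-domain")
        bait = (host, parts.path.lower(), (parts.username or "").lower())
        if any(brand in field for field in bait):
            reasons.append("brand-name-used-as-bait")
    return reasons

# Constructed sample links (reserved .example names and documentation IPs).
SAMPLES = [
    "https://www.paypal.com/signin",
    "http://www.paypal.com.account-update.example/cgi-bin/webscr",
    "https://www.paypal.com@203.0.113.5/login",
    "https://xn--pypal-4ve.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", link_deviations(url) or "matches trusted site")
```

An empty result only means the host belongs to the trusted domain; it says nothing about whether the message that carried the link is genuine.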