Not sure if this is the right place to put this; if it's not, I'm sorry Haikster!

I got this from one of my family, and this may be posted somewhere already, but I think it's good info to share.

Banks Face New Phishing Scams

Nov 29, 2004 -- Catch of the Day: Banks Face
New Phishing Scams
Banks and their customers are facing new
threats of phishing attacks, making it more
difficult than ever to protect customers
from identity theft and fraud. The
increasing sophistication of phishing scams
makes it harder for consumers to discern the
difference between a legitimate bank e-mail
message and a fraudulent one, according to
industry experts.

One new type of phishing attack is
particularly hard to identify. The technique
can result in stolen personal data even if
the recipient of the fraudulent e-mail is
not fooled by it. When a bank customer
simply opens the e-mail, a program attached
to the e-mail by the phisher silently runs a
script - even if the customer deletes the
message without clicking on any embedded
links. When that customer attempts to visit
his or her bank's legitimate Web site -
during that session or a future session -
the malicious code redirects the person
being phished to a fraudulent Web site.

Even a savvy Web-banking customer is
vulnerable to this type of attack. Banks are
educating customers on how to identify a
fraudulent e-mail, but financial
institutions can't do much to protect
clients from simply opening fraudulent
e-mail, according to Alex Shipp, senior
antivirus technologist, MessageLabs (New
York), a provider of e-mail security
services. "It is difficult because banks
don't own their clients' computers," Shipp
says. "They can't do much to protect
customers, but what they can do is, as soon
as they learn about these sites, they can
take them down," he continues. "It's more of
a reactive thing; there is not much they can
do proactively."

Recently, three Brazilian banks, including
Unibanco (Sao Paulo), were the target of
this scheme, according to Shipp. And
MessageLabs expects to see more phishing
attacks of this type, he says. Shipp points
out that this particular scam only works on
machines running Microsoft Windows, but Mac
and Linux users can be affected if they use
Windows updates. He suggests using only
Windows systems that have had all available
security patches installed.

Did You See That Masked Man?

Another phishing technique that has
flourished is actually a combination of
hacking and spamming. As with a traditional
phishing attack, the assailant sends a
fraudulent e-mail to consumers. However,
this technique directs recipients to a
legitimate bank Web site. With a false sense
of security, users are more likely to enter
personal information, which is then hacked
by the fraudster, according to Susan Larson,
vice president of global content,
SurfControl (Scotts Valley, Calif.), a Web
and e-mail filtering solutions provider.

In this type of scam, the phishers take
advantage of security holes in financial
institutions' Web sites, Larson explains.
"Anyone doing any e-commerce is at risk,"
she adds. "The customers think they are on
the [legitimate] site, [but the data] is
really going to a fraudulent site."

SunTrust (Atlanta; $199 billion in total
assets) customers were the target of this
type of phishing. As soon as SunTrust became
aware of the threat, the bank corrected the
security flaw in its Web site, according to
Hugh Suhr, a SunTrust spokesperson. The bank
has a fraud alert section on its Web site
and warns customers that it does not solicit
personal information through e-mail. "We
never ask for confidential information via
e-mail," Suhr says. SunTrust also is taking
proactive steps to combat phishing, but Suhr
says he cannot divulge which technologies
are being leveraged - for security reasons, of course.