SC Magazine recently issued a warning about a new approach to phishing that could result in more people falling for a scam that is now more than a decade old. Instead of trying to lure people into clicking on an infected link by pretending to be a bank looking to verify a password, the email pretends to be from a system administrator or other insider and warns the user that their mailbox is full.
Here's the text of the message:
"Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate – > Click Here:  Note: Do not send email or Password to any one via email. System Administrator."
It's a simple but clever tactic. Clever in that it uses a phishing lure that is not often used, so users won't necessarily have their guard up. And who hasn't received some kind of email from their IT department warning about an email or other technical issue? The "Click here" part could be anything from the download of some malware to redirection to a fake page where the thief grabs your email address and password.
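As an added defender-side illustration (this code is not from the SC Magazine warning or from this article), the following Python triage check flags a message that combines the indicators of this particular lure: an "insider" display name on a sender address outside the organisation, the mailbox-quota pretext, a re-validation demand, and a link that points outside the organisation's domain. The organisation domain `example.com` and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumption: the defended organisation's mail domain

# Phrases modelled on the lure quoted above; all matching is case-insensitive.
QUOTA_PRETEXT = re.compile(r"mailbox.{0,40}(exceeded|over).{0,40}(storage|quota|limit)", re.I)
REVALIDATE = re.compile(r"re-?validate|verify your (mailbox|account)", re.I)
INSIDER_NAME = re.compile(r"system administrator|it (help ?desk|support)|webmail", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample messages (not real mail).
PHISH = """From: System Administrator <helpdesk@mail-quota-check.invalid>
To: alice@example.com
Subject: Mailbox full

Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator.
To Re-Validate Click Here: http://webmail-revalidate.invalid/login
"""
LEGIT = """From: IT Helpdesk <helpdesk@example.com>
To: alice@example.com
Subject: Mailbox usage

Your mailbox is using 9 GB of its 10 GB storage limit. Consider archiving
older messages; tips are at https://intranet.example.com/mail-tips
"""

def _in_org(host, org_domain):
    host = (host or "").lower()
    return host == org_domain or host.endswith("." + org_domain)

def _body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def score_message(raw, org_domain=ORG_DOMAIN):
    """Return the list of lure indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    display_name, addr = parseaddr(msg.get("From", ""))
    body = _body_text(msg)
    findings = []
    if INSIDER_NAME.search(display_name) and not _in_org(addr.rpartition("@")[2], org_domain):
        findings.append("insider-name-external-sender")
    if QUOTA_PRETEXT.search(body):
        findings.append("mailbox-quota-pretext")
    if REVALIDATE.search(body):
        findings.append("revalidate-request")
    if any(not _in_org(urlparse(u).hostname, org_domain) for u in LINK.findall(body)):
        findings.append("external-link")
    return findings

def is_mailbox_quota_phish(raw, org_domain=ORG_DOMAIN):
    # Two or more indicators together is the signal; one alone is common in real IT notices.
    return len(score_message(raw, org_domain)) >= 2
```

A real deployment would run this at the mail gateway or in the SOC's triage tooling alongside sender authentication results, not as a standalone filter.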
This is a clear sign that scammers recognize how much better users have become at spotting the traditional, badly written bank password phishing emails that have been circulating for years. The time may not be far off when those phishing emails are a rarity, and instead we all have to be much more vigilant for phishing emails that are much harder to spot.
And people are still falling for these scams. A very active phisher who was caught last year just received a 12-year sentence. The resident of Long Beach in California had created a network of fake financial web sites that he lured users to using phishing emails.
He then sold the stolen information, including logins and passwords, to criminals in Romania. These individuals used the stolen identities to set up instant lines of credit, and in less than eight weeks stole an estimated $193,000. More troubling was the fact that nearly 38,000 victims fell for the scam.