US-Cert warns of phishing attacks that bypass filters

The US Computer Emergency Response Team (US-Cert) is warning users and administrators following the discovery of a potent new phishing operation.

The scam is targeting a number of institutions, including Bank of America, Lloyds, PayPal and TSB. The attacks appear as unsolicited emails carrying HTML attachments.

The attack is particularly dangerous in that it uses techniques to get around security filters designed to catch phishing sites.

"This attack is unlike common phishing attacks because it locally stores the malicious web page rather than directing users to a phishing site via a URL," the agency said.

"Many browsers use anti-phishing filters to help protect against phishing attacks; this method of attack is able to bypass this security mechanism."

The group advises consumers and administrators to use best practices for avoiding phishing attacks, such as not opening unsolicitied emails or suspicious email attachments.

The new attacks come on the heels of a shutdown that experts had hoped would cut down on spam loads. Microsoft spearheaded an effort with law enforcement which saw the infamous Rustock botnet taken down.

Other recent phishing attacks have targeted social network services such as Facebook.

Dave Marcus, head of research and communications for McAfee Labs, told V3.co.uk that people can avoid the recent scam and other phishing attacks by using best practices for security.

"Organisations and users should scan computers for vulnerabilities regularly, and ensure that security software is up-to-date," he said.

"End users should avoid opening emails from unknown sources and use safe browsing software."