Phishing for bank information now likely to involve government agencies


Scammers may be sending fewer phishing emails purporting to be from banks and other financial institutions, but that doesn't mean they've stopped trying to steal people's money. According to CIO Today, more scams than ever before claim to originate from government entities such as the Electronic Federal Tax Payment System, the National Automated Clearing House Association and the U.S. Postal Service.

While it used to be common practice for phishing scams to steer a message recipient directly to a fake banking website, most attempts now aim to goad the victim into submitting financial information through a message that appears to come from one of these agencies. Other common vehicles for scams include companies from industries such as private delivery or telecommunications, as well as social media websites.

Phishing attacks are constantly growing more sophisticated, and each major campaign looks more like the real thing than the last. The cyber-espionage malware called Flame, which was recently found in Iran, raised further concerns about the potential for phishing attacks.

Flame appears to be a state-sponsored espionage project, and after it was released on computers across the world, more was discovered about its potential capabilities. According to the Washington Post, the virus was downloaded onto infected computers through updates to Microsoft Windows, using unauthorized certificates from the technology company, and went unseen by any anti-virus scan in place.

Although the damage from Flame has largely been neutralized by post-discovery virus protection, an unauthorized certificate could be used as a tool in a scammer's arsenal to make his or her phishing attack seem more legitimate. Security professionals worry that the malware attack that Flame carried out could be the basis for more widespread, sophisticated attacks, according to the Washington Post.

Even as phishing attacks have evolved, some tactics remain the same. CIO Today notes that malware still requires users to ignore basic privacy protection practices and click on a link that downloads the malware.

©2013 Proofpoint, Inc.