I got this from “Eagle Eye” Quantum Skyline:
News of this phishing scam became public today. To be honest, this one would have got me.
The reason why this phishing scam is so good is that it uses a completely valid certificate for SSL based (read: encrypted) communication with your browser. Most users are educated only to check for the little lock icon in their browser, because phishers were traditionally too lazy to use an SSL certificate. However, for the price of $69.99, a domain, and a MySQL database, anyone can create a decent phishing site
The thing is, very few people check the SSL certificate of their banks…
Take a second to check out Quantum’s post, and from now on also check your bank’s Security Certificates. While you’re at it, stop by the Anti-Phishing.org website and educate yourself on how not to give up your banking information.
So, in summary you can now *securely* transmit your information to hackers. Nifty. Phishing attempts have gotten brutal. A somewhat computer savvy friend of mine feel victim to a PayPal phishing scam, where the page essentially turned off the URL bar, and stuck a graphic that looks like a URL bar on top with http://www.paypal.com in the address. I think the general rule of thumb is … if you get ANY email asking you to login to your bank or paypal – it’s a phishing scam, no matter how ligit it looks.