Webjacking, and how to boot it out

Once installed on the victim's machine, the trojan either edits the host file or modifies the DNS server settings to re-direct specific (or all) look-ups to a fraudulent web server. This server will typically deliver appropriate content most of the time, but is able to re-direct selective requests to a fake web site. The user doesn't click on a link and has no way of knowing that the requested data has been falsified.

Moving target

Phishing is a specific cyber crime that relies heavily on 'social engineering', non-technical breaches of security that focuses on human interaction: in other words, tricking users into doing something they shouldn't. As such, phishing is constantly adapting. Criminals are continually seek ways to trick users and catch them unawares. Technology advancements or a new type of snare to drawn in users are all part of the toolkit.

For more information on avoiding phishing scams, check out the APWG's Consumer Advice on Phishing, www.antiphishing.org.