*Sigh*

I don't always believe what news brings to the public eye. That's to say.
The internet is more contaminated than ever before; new phishing technologies are evolving rapidly and sometimes cutting corners to use some unexpected methods.

I think that this contamination is going to grow more and more in the coming years. The main reason is the categorical denial by some corporations that they have been fruitful victims of phishing in one way or another. They deny being victimized by spammers or phishers, and consequently do not report the attempt. In doing so, corporations give more time for such schemes to be used against more victims. A good example is one of the biggest companies in my country. All for the sake of keeping the image of unbreakable, invulnerable and supremely secured systems (the usual cherished perceptions and beliefs).

Social engineering is one of the most effective schemes, I believe. Some users can be easily fooled by sending them an email similar to the original one. For instance, if the IT email address for a company is [email protected], it can easily be imitated as [email protected]. Users will still reveal critical information if they are asked to. (Even if they notice that this contact is not saved in the contact list, they might think that it is a system error.)

The bottom line of all this is that we have to increase awareness of these kinds of schemes.

Cross-site scripting is a powerful technique and can fool even SOME more knowledgeable people. I don't know if you will witness the advent of more sophisticated techniques to crack down on such activities? The world is still working around the clock to achieve this. I do hope that everything will have a proper countermeasure.

Just my thoughts.

Cheers