Updated July 22nd 2004 11:31 UTC
"Phishing is not just for e-mail anymore. A reader associated with antiphishing.org
reported a new twist to this scheme that advertises malicious URLs via Instant Messaging
. This scheme has been used a few times in the past to distribute viruses
This new message reads "you have been sent a picture. To view it, Click here". In this sample, the 'From' address is four random letters. However, a 'trusted' name could be used.
It is important to understand that most instant messaging systems use only weak authentication schemes. Instant messaging is not a tool to exchange confidential information. Only few instant messaging systems allow for encryption and sophisticated authentication. If you need instant messaging to communicate confidential information, use a system which allows you to control the server and provides for encryption and reasonable authentication. Jabber is an example of a free package."