Apr
29th

Don’t Fall into a Phishing Trap!

Author: Indre | Files under Fix slow PC

Market watcher Gartner Inc. reports that phishing grew by almost 40 percent between September 2007 and September 2008. According to the research firm, the main targets are financial institutions and other intermediary parties, as well as consumers.

Figure 1. The number of malware and phishing incidents (2006-2008)

The aim of phishing is to obtain sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in electronic communication. Phishing is commonly carried out through e-mail or instant messaging and directs a user to enter private details on a fake website whose appearance is very similar or identical to that of the legitimate one. Bear in mind that server authentication is not always the solution; detecting that a website is fake is rather complicated.

In addition, phishing is an instance of social engineering used to trick users, and it exploits the poor usability of current web security technologies. Apart from that, the report analyzes responses to the increasing number of reported phishing incidents, such as legislation, user training, public awareness, and technical security measures.

So what are the potential targets of phishing? According to Wikipedia they include social networking sites, the RapidShare file sharing site, TD Ameritrade’s database, Russian Business Network etc.

There are various phishing techniques you should be aware of if you want to protect your personal data and feel safe in the world of computers. The following paragraphs focus on the basic methods of phishing: link manipulation, filter evasion and website forgery.

Link Manipulation: Phishers use misspelled URLs or subdomain tricks. The example URL http://www.yourbank.example.com/ looks as though it will take you to the ‘example’ section of the ‘yourbank’ website. In fact, it takes you to the ‘yourbank’ (i.e. phishing) section of the ‘example’ website.
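The check a reader can apply to such links, as an added example that is not part of the original article: it compares a link's registrable domain with a list of trusted domains and flags a trusted brand used only as a subdomain label, or a near-misspelling of a trusted domain. The trusted entry (yourbank.com) and the small suffix set are constructed for illustration; real code would load the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed for illustration: domains the user really does business with.
TRUSTED = {"yourbank.com"}
# Constructed stand-in for the Public Suffix List; load the full list in real use.
SUFFIXES = {"com", "org", "net", "co.uk"}

def registrable_domain(host):
    """Longest known public suffix plus the one label to its left."""
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # unknown suffix: fall back to last two labels

def edit_distance(a, b):
    """Levenshtein distance, used to catch misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lower-cased
    reg = registrable_domain(host)
    if reg in TRUSTED:
        return "trusted"
    sub_labels = host[: len(host) - len(reg)].rstrip(".").split(".")
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        if brand in sub_labels:               # brand is only a subdomain label
            return "subdomain-trick"
        if edit_distance(reg, trusted) <= 2:  # e.g. swapped or dropped letters
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("http://www.yourbank.example.com/", "https://www.yourbank.com/login",
              "http://www.yourbnak.com/", "https://news.example.org/"):
        print(f"{classify(u):16} {u}")
```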

Filter evasion: Phishers use images instead of text so that anti-phishing filters have a harder time detecting the text commonly found in phishing e-mails.

Website forgery: Once a user visits the phishing website, the fraud has only just begun. Some phishing scams use JavaScript commands to alter the address bar. For instance, a picture of a legitimate URL can be placed over the address bar, or the original address bar can be closed and a new one showing the legitimate URL opened. What is more, an attacker is able to exploit flaws in a trustworthy website’s own script and use it against the victim. These attacks appear to be very complicated, as they can direct a user to sign in at their bank’s or service’s own web page, where all the information, from the web address to the security certificates, appears to be legitimate, whereas it is not.

Next, let’s take a look at some instances of phishing attacks users face today. The first is the TheSmartECard.com hoax. According to a post on the Twitter spam feed, it is a scam/phishing site. You should therefore avoid this site and not provide it with your personal data. Unfortunately, some visitors to this phishing site had their accounts suspended.

Another example is Bancos, an internet banking Trojan. Bancos tries to steal financial data from a victim’s computer; the malicious server collects all credentials and sensitive data exchanged on false web sites.

Security experts state that phishers and spammers are currently using the ‘swine flu fever’ epidemic to scare computer users and sell them pharmaceutical products or steal their private information. The e-mail scams carry a subject line connected with the swine flu and include either a link to a phishing Web site or an attachment with malicious code. For instance, according to Symantec, one scam uses a malicious Adobe PDF document titled “Swine influenza frequently asked questions.pdf”. The malicious PDF file has been identified as “Bloodhound.Exploit.6”, which drops malicious InfoStealer code onto the victim’s computer.

The fight against phishing continues, according to Avivah Litan, vice president and distinguished analyst at Gartner. There are security measures that aim to stop phishing; still, they are not powerful enough. For this reason the following strategy must be applied:

  • continuous fraud detection,
  • stronger user authentication,
  • out-of-band transaction verification for registered users,
  • site authentication or assurance features,
  • and antiphishing services.

Resources:
Review on phishing and its techniques
Phishing outbreak
Phishing scam on Twitter
Bancos
Phishers and swine flu fever
Incidents of Malware and Phishing

One response.

  1. Gabriela Lopez Forte
    Apr 29, 2010 at 23:03:08
    #1

    Run by a fake company with a fake name and fake address (see whois).
    To extort and blackmail money from businesses in Markham, Ontario, Canada. They are definitely doing forgery and possibly phishing.
