As you’d expect, phishers target organizations that handle significant numbers of customer financial transactions online. In the last 18 months, customers of Barclays, Citibank, Halifax, HSBC, Lloyds TSB, MBNA and NatWest have all been targeted by phishers. However, it’s not only banking customers: other organizations whose customers have been targeted include amazon.com, AOL, BestBuy, eBay, MSN, PayPal and Yahoo.
Of course, in any single phishing scam, it’s likely that only a small proportion of those who receive the fake e-mail will be customers of the spoofed bank or other organization, and only a small proportion of them may ‘take the bait’. However, as with spam e-mail, the perpetrators send out such large volumes of fake messages that even a low response rate is likely to harvest enough data to make the scam worthwhile. In this sense, the term ‘trawling’ might be more appropriate than phishing.
There are high stakes involved. Estimates of the losses resulting from phishing scams vary [search online and you can find figures ranging from $400 million to $2.4 billion]. However, it seems clear that the number of phishing attacks, and the associated costs, are increasing. From July 2004 through to November 2004, there was a 34% month-on-month growth in the number of new, unique phishing e-mail messages; and a 28% month-on-month growth in the number of unique fraudulent web sites [figures taken from the Phishing Activity Trends Report – November 2004, Anti-Phishing Working Group].
As if this weren’t enough, the problem doesn’t necessarily end with direct costs. Some phishers also place exploits for Microsoft Internet Explorer [IE] vulnerabilities on their sites. When the victim follows the link to the fake web site, the exploit is used to plant a Trojan on their machine. As a result, not only is the user’s banking information harvested, but their machine becomes an unwilling ‘soldier’ in a ‘zombie’ army that can be used for further malicious activities: as part of a DDoS [Distributed Denial of Service] attack designed to extort money from a victim organization, as a platform for spam distribution, or to spread a virus or worm.
It’s hardly surprising that phishing has attracted significant media attention during the last year or so. At the same time, financial institutions now provide advice to their customers about the potential dangers. The result is that users are becoming increasingly wary. So phishers are looking for more sophisticated ways of luring users into giving up their personal banking information.
Some phishers now make use of vulnerabilities [or unwanted features] to make their scams less obvious. An Internet Explorer [IE] vulnerability documented by Microsoft in late 2003 allowed a phisher to create a fake web site that not only has the right ‘look-and-feel’ of a legitimate financial institution, but displays the correct URL in the IE browser window. So when the user clicks on the link in the phisher’s e-mail, the web browser displays content from the fake web site, but the URL in the browser window is that of the legitimate bank. This vulnerability is explained on the Microsoft web site, together with tips on how to identify spoofed web sites.
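As an added example (not code from the original article), here is a small Python check written from the defender's side: it pulls the links out of an HTML e-mail and flags the disguises described above, a real host hidden behind user-info and an `@` in the URL, a raw IP address as the host, and link text that shows one domain while the href points somewhere else. The sample message and the `bank.example` domain are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from the <a> tags of an HTML mail."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host_of(text):
    """Return the host a reader would see in URL-like link text, or None."""
    m = re.match(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.strip(), re.I)
    return m.group(1).lower() if m else None

def suspicious_links(html):
    """Return [(href, [reasons])] for links a phishing filter should flag."""
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons, parts = [], urlsplit(href)
        real_host = parts.hostname or ""          # hostname drops any user-info
        if "@" in parts.netloc:                   # browser ignores the part before '@'
            reasons.append("user-info in URL: the real host is " + real_host)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real_host):
            reasons.append("raw IP address host")
        shown = _host_of(text)
        if shown and shown != real_host and not real_host.endswith("." + shown):
            reasons.append(f"link text shows {shown} but target is {real_host}")
        if reasons:
            findings.append((href, reasons))
    return findings

SAMPLE_MAIL = (  # constructed sample message, not a real phishing e-mail
    '<p>Please verify your account at '
    '<a href="http://www.bank.example@203.0.113.5/login">'
    'http://www.bank.example/login</a> or see '
    '<a href="http://www.bank.example/help">www.bank.example/help</a>.</p>'
)
```

Run over `SAMPLE_MAIL`, only the first link is reported, with all three reasons; the second link's text and target agree and pass.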