How to avoid getting caught by phishing scams
Add date: 07/06/2009   Publishing date: 07/06/2009
Hardly a day goes by without some online news reference to ‘phishing’, sometimes also known as ‘carding’ or ‘brand spoofing’. But what is it, how does it work and what are the effects? Phishing [a conscious misspelling of the word ‘fishing’] is a specific form of cyber crime. It involves tricking computer users into disclosing their personal details [username, password, PIN number or any other access information] and then using these details to obtain money under false pretences. It’s fraud: data theft, followed by theft of money.

Phishers rely heavily on ‘social engineering’ techniques. This is just a fancy way of describing non-technical breaches of security that rely on human interaction: tricking users into breaking normal security measures.

Social engineering is commonly employed by writers of viruses and worms as a way of beguiling unsuspecting users into running malicious code. This might mean attaching a virus or worm to a seemingly innocent e-mail message. LoveLetter, for example, arrived as an e-mail with the subject line ‘I LOVE YOU’ [and who doesn’t like to receive a love letter?] and the body text ‘Kindly check the attached LOVELETTER coming from me’. In an effort to put unsuspecting users further off their guard, the attachment had a double extension [LOVE-LETTER-FOR-YOU.TXT.vbs]: by default, Windows does not display the second [real] extension. This double extension trick has been used by lots of viruses and worms since, including SirCam, Tanatos and Netsky.
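The double-extension trick above is easy to spot mechanically once you look at the last extension rather than the one a user sees. The following is an added defender-side example, not code from the original article: a small attachment triage check that flags names like LOVE-LETTER-FOR-YOU.TXT.vbs, and shows how the name would have appeared with the default Windows setting that hides known extensions. The extension lists and the sample attachment names are constructed for illustration.

```python
# Extensions Windows executes as programs or scripts. A file whose real
# (last) extension is one of these but whose visible name looks like a
# document is the double-extension lure used by LoveLetter and its successors.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd",
                   "vbs", "vbe", "js", "jse", "wsf", "hta"}
# Extensions users regard as harmless data and are happy to open.
DECOY_EXTS = {"txt", "doc", "jpg", "jpeg", "gif", "pdf", "htm", "html", "mp3"}

# Constructed sample: four attachment names as they might arrive in one mailbox.
SAMPLE_ATTACHMENTS = ["LOVE-LETTER-FOR-YOU.TXT.vbs", "quarterly.pdf",
                      "setup.exe", "notes.tar.gz"]


def windows_display_name(filename):
    """Name as Explorer shows it when 'Hide extensions for known file types'
    is on (the default): the final registered extension is dropped, so
    'X.TXT.vbs' is shown as 'X.TXT'."""
    base, dot, ext = filename.rpartition(".")
    return base if (dot and ext and base) else filename


def is_double_extension_lure(filename):
    """True when the real extension is executable and the one before it
    is a decoy document type (e.g. '.txt.vbs'). 'archive.tar.gz' is not."""
    parts = filename.lower().split(".")
    if len(parts) < 3:
        return False
    return parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def triage_attachments(filenames):
    """Return (filename, name_as_user_sees_it, reason) for every attachment
    a mail filter should hold for review."""
    findings = []
    for name in filenames:
        parts = name.lower().rsplit(".", 1)
        real_ext = parts[1] if len(parts) == 2 else ""
        if is_double_extension_lure(name):
            findings.append((name, windows_display_name(name),
                             "double extension hides executable"))
        elif real_ext in EXECUTABLE_EXTS:
            findings.append((name, windows_display_name(name),
                             "executable attachment"))
    return findings


if __name__ == "__main__":
    for finding in triage_attachments(SAMPLE_ATTACHMENTS):
        print(finding)
```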

Another social engineering technique is to construct an e-mail to look like something that’s positively beneficial. Swen, for example, masqueraded as a cumulative Microsoft patch, manipulating users’ growing awareness of the need to secure their operating system from attack by Internet worms. Such ‘sweet’ e-mails are not the only form of social engineering. There are also ICQ messages with links to infected Web pages, for example.

In the case of phishing scams, the criminal creates an almost 100% perfect replica of a chosen financial institution’s web site. The criminal then goes ‘phishing’, using spam methods to distribute an e-mail that imitates a genuine piece of correspondence from the real financial institution. Phishers typically use legitimate logos, good business style and even make reference to real names from the financial institution’s senior management. They also spoof the header of the e-mail to make it look like it has come from the legitimate bank. In general, these letters inform customers that the bank has changed its IT structure and is asking all customers to re-confirm their user information. Occasionally, the letters cite network failures, or even hacker attacks, as reasons for requiring customers to re-confirm their personal data.

The fake e-mail messages distributed by phishers have one thing in common: they’re the bait used to try and lure the customer into clicking on a link provided in the letter. If the bait is taken, the luckless ‘fish’ stands in serious danger of divulging confidential information that will give the criminal access to his or her bank account. The link takes the user directly to an imitation site that mimics the real bank’s web site. This site contains a form that the user is told they must complete: and in doing so, they hand over all the information needed by the criminal.
