Thursday, August 12, 2010

Phishing

"Phishing" is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack.
The term was coined in the mid-1990s by crackers attempting to steal AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password, for instance to "verify your account" or to "confirm billing information". Once the victim gave over the password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.
Phishing has been widely used by fraudsters using spam messages masquerading as large banks (Citibank, Bank of America) or PayPal. These fraudsters can copy the code and graphics from legitimate websites and use them on their own sites to create legitimate-looking scam web pages. They can also link to the graphics on the legitimate sites to use on their own scam site. These pages are so well done that most people cannot tell that they have navigated to a scam site. Fraudsters will also put the text of a link to a legitimate site in an e-mail but have the underlying source code link to their own fake site. This can be revealed by using the "view source" feature in the e-mail application to look at the destination of the link, or by putting the cursor over the link and looking at the code in the status bar of the browser. Although many people don't fall for it, the small percentage of people who do, multiplied by the sheer number of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.
Anti-phishing technologies are now available.
Example of use of phishing and impersonation
Below is an example of a real e-mail phishing for Hotmail passwords:
Subject: Windows Account Alert™‏
From: Windows Microsoft™ Center (war.veteran @ hotmail.com)
Sent: Fri 4/30/10 7:58 AM
To: accountprotectteam2010 @ hotmail.com
Microsoft Live Account Alert!!!
Dear Account Owner
This Email is from Microsoft Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestion's due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. Please verify your account and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account.
* Username: ...............................
* Password: ................................
* Date of Birth: ............................
* Country Or Territory: ................
Confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 48 hours for security reasons.
Sincerely,
The Windows Live Hotmail Team
In this case the recipient provided the requested information. Soon the intruder took over the Hotmail account and changed the password, security question and alternative e-mail address. Afterward, the following email was sent to over 400 names in the Contact List:
Hello ,
I know that this message might meet you in utmost surprise.I am really sorry to bother you with this email but i just want you to know what i am facing right now.I am sorry that i didn't inform you about my traveling to London UK for a Seminar,i am presently in London now but unfortunately for me i lost my wallet which contains my money and other valuable things in a taxi.I can easily access the internet for now but I do not have access to phone at all.I want you to assist me urgently with a loan of $2,500 to sort-out my hotel bills and to get myself back home. I have spoken to the embassy here but they are not responding to the matter effectively,i promise i will pay you back as soon as i return.Kindly let me know if you can be of help so that i can send you the details you will use to send the money to me here in London. Further details of the transfer will be forwarded to you as soon as i receive your return email.
As a result of those emails, the intruder started email exchanges with about 5 individuals, some of whom went as far as to attempt (unsuccessfully) to send money.
