Phishing, Fraudulent, and Malicious Websites

Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living.

The Internet, in particular, means for us boundless opportunities in life and business ? but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us.

Warning: There are Websites You'd Better Not Visit

Phishing websites

Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information.

At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students.

Keyloggers and Trojans

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Fraudulent websites are on the rise

Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated.

A Hybrid Scam

In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website.

Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details.

This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV).

As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order.

Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products.

Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code.

Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data.

Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) ? so the information is captured even if the user doesn't type anything, just opens the views the file.

In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly.

What a user can do to avoid these sites?

As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank.

Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse.

As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive.

As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk.

Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more.

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work.

Learn more -- visit the company's website http://www.anti-keyloggers.com

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

Fortune

Twitter Bans Ads from Russian Computer Security Company Kaspersky Lab
Fortune
Twitter has banned ads on its service from Russian security software maker Kaspersky Lab, after the U.S. government prohibited agencies from using its products because of alleged ties to the Russian government. The ban, confirmed by Twitter to Reuters ...
Twitter banned Russian security firm Kaspersky Lab from buying adsTechCrunch
Kaspersky banned from advertising on Twitter over security fearsTelegraph.co.uk
Twitter Ads policies - Twitter for BusinessTwitter for Business
Reuters -Homeland Security -Kaspersky Lab -Ars Technica
all 40 news articles »

WIRED

Security News This Week: A Google Fix Breaks Anti-Censorships Tools
WIRED
In more current news, the White House sent mixed messages on cybersecurity policy this week, calling out Russian hackers for compromising popular routers and firewalls—a problematic, but unsurprising and even popular type of attack. Meanwhile, the ...

and more »

Politico

Bolton names Commerce official as his national security deputy
Politico
“I selected her as deputy national security adviser because her expertise is broad-based and includes national security matters related to our alliances, defense posture, technology security, foreign security assistance and arms control,” Bolton said ...
White House announces new deputy national security advisorDefenseNews.com
John Bolton begins to shape National Security Council staffWashington Post

all 10 news articles »

CryptoSlate

Crypto Trade Group Pressures SEC to Exempt Ethereum From Security Classification
CryptoSlate
An alliance of lawyers, venture capitalists, and entrepreneurs have recently met with the US Securities and Exchange Commission to petition for the creation of cryptocurrency “safe harbors” for specific cryptocurrencies and tokens, including Ethereum ...
US Regulators Asked Not to Classify Ethereum as a Security: NYT ReportCCN

all 20 news articles »

BBC News

UN Security Council seeks to heal Syria divisions in Sweden
BBC News
In a rare meeting outside New York, the UN Security Council is holding talks at a remote farmhouse in southern Sweden. The informal session, which is held annually, is expected to focus on the Syrian conflict and on overcoming members' deep divisions ...
UN Security Council convenes in remote Swedish farmhouseThe Local Sweden

all 6 news articles »

TechRepublic

Upcoming Windows Defender feature will tell you when security fails
TechRepublic
All of the attestation is done by the secure kernel, the end result of which is security validation that an attacker or malware in the Windows kernel can't alter. Microsoft gives an example where "an app could ask Windows Defender System Guard to ...
Windows 10: Microsoft to boost Linux app security with Windows Defender firewallZDNet
Hackers can bypass the Windows 10 S lockdown due to security flawDigital Trends
Google discloses 'medium-severity' security flaw in Windows 10 SWindows Central
Naked Security -Chrome - Google -Monorail - The Chromium Projects
all 64 news articles »

WFAA.com

Italy ISD increasing security after school shooting
WFAA.com
Italy ISD increasing security after school shooting. "Italy ISD will always be the school that this happened to. What we're going to do is focus on prevention and response." Author: Monica Hernandez. Published: 8:54 PM CDT April 20, 2018. Updated: 9:07 ...


Rutland Herald

Rutland Town eyes poll security at school
Rutland Herald
Rutland Town Clerk Kirsten Hathaway said the alleged threat of violence at Fair Haven Union High School and violence at schools in other parts of the country has her thinking twice about security at Rutland Town Elementary School during townwide voting ...

and more »

Brookings Institution (blog)

Development for security: Lending for peace?
Brookings Institution (blog)
Two World Development Reports tackled the security-development nexus. The WDR 2011 explicitly argued that investments in citizen security and justice reform can help countries break recurring cycles of violence. The WDR 2017 surmised that good ...


NewsChannel5.com

Maintaining Cyber Security On Student Devices
NewsChannel5.com
FRANKLIN, Tenn. - In order to keep students without access to the internet from falling behind, students will be able to take laptops home. But some are questioning what that means for their cyber security. It's why several school districts have moved ...

and more »
Google News

How to Manage Your Username and Password The Easy and Secure Way

Have been an Internet user for more than 9 years,... Read More

Internet Identity Theft - How You Can Shield Yourself

With the advent of the World Wide Web, a whole... Read More

Check Out That Privacy Policy

Before you enter your name, address or any other data... Read More

Internet Scams: Dont be a Victim

As the number of people using the Internet as an... Read More

Personal Firewalls for Home Users

What is a Firewall?The term "firewall" illustrates a system that... Read More

How Can Someone Get Private Information From My Computer?

From the "Ask Booster" column in the June 17, 2005... Read More

Arming Yourself Against Spyware

While clicking from site to site on the internet you... Read More

7 Ways to Spot a PayPal Scam E-Mail

Paypal is a great site and is used by many... Read More

Phishing - Identity Theft & Credit Card Fraud

What is Phishing? Phishing is a relatively newly coined term... Read More

Avoiding Scams: If It Sounds Too Good to Be True, It Probably Is

A week or so ago, I received an inquiry from... Read More

Money Mule Email Scam Hits U.S.

Imagine this ? you open up your email box and... Read More

Identity Theft - Dont Blame The Internet

Identity theft ? also known as ID theft, identity fraud... Read More

5 Simple Steps to Protect your Digital Downloads

A couple of days ago, I was searching for a... Read More

Spyware Attacks! Windows Safe Mode is No Longer Safe

Many of us have run into an annoying and time-consuming... Read More

SCAMS ? Be Aware ? And Report When Necessary

The Internet is a vast International Network of people and... Read More

Secrets On Security: A Gentle Introduction To Cryptography

Let us take the example of scrambling an egg. First,... Read More

3 Simple Steps to Stay Safe from Spyware

There are several basic concepts to keep in mind when... Read More

Mail Forwarding - Why Would You Do It?

First of all we need to get some terms stated.... Read More

Is The Internet Over Regulated

Today's Internet or World Wide Web is being over regulated.But,... Read More

New Mass Mailing Spamming Internet Trojan for the Windows Platform

May. 16th 2005 - MicroWorld has reported the discovery of... Read More

How To Prevent Spyware Attacking Your Computer

Spyware is software or hardware installed on a computer without... Read More

The Important Steps To Protect Your Kids on the Internet

Internet is the ocean of knowledge. In this ocean you... Read More

Just Whos Computer is this Anyway?

Well, this is an article I never thought I would... Read More

Protecting Your Children On The Internet

If you are a parent, as am I, I think... Read More

Is the Internet Insecure Because of You?

Long gone are the days that we could feel secure... Read More