Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Phishing, Fraudulent, and Malicious Websites > NetSparsh - Viral Content you Love & Share

Phishing, Fraudulent, and Malicious Websites

Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living.

The Internet, in particular, means for us boundless opportunities in life and business ? but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us.

Warning: There are Websites You'd Better Not Visit

Phishing websites

Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information.

At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students.

Keyloggers and Trojans

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Fraudulent websites are on the rise

Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated.

A Hybrid Scam

In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website.

Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details.

This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV).

As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order.

Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products.

Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code.

Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data.

Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) ? so the information is captured even if the user doesn't type anything, just opens the views the file.

In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly.

What a user can do to avoid these sites?

As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank.

Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse.

As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive.

As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk.

Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more.

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work.

Learn more -- visit the company's website http://www.anti-keyloggers.com

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

Retirement Security: Fire And Fury In Telecommunications
Seeking Alpha
AT&T's merger with Time Warner has hit a brick wall and the market is celebrating. Here's what I'm doing. How about you? Subscribers to "Retirement: One Dividend At A Time" got an early look at this material via free instant text message trade alert ...

and more »

Forbes

How This Millennial Went From A High School Dropout To Cyber Security Expert
Forbes
Manan Shah, the 24-year-old founder of cyber security firm Avalance Global Solutions, is one of the top cyber security experts, but his path to the top was far from traditional. A high school dropout and former hacker, Shah had to overcome run-ins with ...


TechCrunch

Tortuga Logic raises $2 million to build chip-level security systems
TechCrunch
Tortuga Logic has raised $2 million in seed funding from Eclipse Ventures to help in their effort to maintain chip-level system security. Based in Palo Alto, the company plans to use the cash to build products that will find “lurking vulnerabilities ...


Fox News

Schools adept at shoring up security at any hint of danger
Fox News
Schools have become adept at rapidly shoring up security, measuring responses against the toll it could take on students' learning and sense of safety. The president of the National Association of School Resource Officers says schools regularly ...

and more »

UN News Centre

Russia again vetoes extension of chemical experts in Syria
ABC News
And it was Russia's 11th veto of a Security Council resolution dealing with Syria, its close ally. Russia cast its latest veto Friday night on a last-ditch resolution by Japan to extend the mandate for 30 days for further discussions. It was supported ...
Security Council fails at fresh attempt to renew panel investigating chemical weapons use in SyriaUN News Centre
Security Council Considers 30-day Extension on Syria ExpertsVoice of America
The Investigation Into Chemical Attacks in Syria Is Fizzling Out After a Security Council ShowdownTIME

all 588 news articles »

UN News Centre

At Security Council, UN chief urges cooperation to tackle security challenges in Mediterranean
UN News Centre
17 November 2017 – The Mediterranean – a confluence of civilizations, cultures, religions, trade and migration – is facing multiple security challenges, such as terrorism, illicit trade in narcotics, environmental degradation and forced displacement ...

and more »

New York Times

Homeland Security Official Resigns Over Remarks on African-Americans and Muslims
New York Times
WASHINGTON — The Department of Homeland Security's head of outreach to religious and community organizations resigned on Thursday after audio recordings revealed that he had previously made incendiary remarks about African-Americans and ...
Homeland Security Official Who Blamed Slums On 'Lazy Blacks' QuitsHuffPost
Homeland Security official Jamie Johnson resigns after comments ...Washington Post
Homeland Security's head of community outreach resigns over past controversial comments on black community, IslamCNN
Fort Dodge Messenger -The Grio -New York Daily News -The Hill
all 71 news articles »

North Darfur security: Swiss aid worker released, kidnappers held
ReliefWeb
The security authorities in North Darfur announced on Wednesday that kidnapped Swiss aid worker Margaret Schenkel has been “released from her captors in a mountainous area during a professional security operation”. The head of the National ...

and more »

KING5.com

Seattle police plan security for tree lighting ceremony
KING5.com
Seattle police have a plan to secure next week's holiday tree lighting ceremony in Westlake Park, and it makes room for protesters to exercise their first amendment rights. "It's the kickoff for the holiday season," said James Sido, DSA spokesperson ...


Computerworld

Strong and stable: The iOS security guide
Computerworld
So, what's the weakest point in mobile device security? Sadly, it's you. From tapping links in phony emails to accessing confidential password-protected information using open public Wi-Fi hotspots to simply using the same password everywhere: All ...

and more »
Google News

Spyware, This Time Its Personal!

First the basic definition of Spyware: It is a type... Read More

Online Shopping: 10 Tips For Safe Online Shopping

Have you ever bought a product or service from the... Read More

Personal Firewalls for Home Users

What is a Firewall?The term "firewall" illustrates a system that... Read More

Desktop Security Software Risks - Part 1

This is the second in a series of articles highlighting... Read More

Ransom Trojan Uses Cryptography for Malicious Purpose

Every day millions of people go online to find information,... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

Can I Guess Your Password?

We all know that it's dangerous to use the same... Read More

Technology and Techniques Used in Industrial Espionage

Industrial Espionage. These methodologies are being used on a daily... Read More

The Attack of the Advertiser - Spy Mother Spy

The menacing campaigns that drive the corporate spyware and adware... Read More

How to Protect Your Child from the Internet

When the Internet first came about, it was realized it... Read More

Hacking Threats and Protective Security

The 1998 Data Protection Act was not an extension to,... Read More

Consumers: Shop Online and Get Information Safely

Do you really have to know how feeds work? Not... Read More

Just Whos Computer is this Anyway?

Well, this is an article I never thought I would... Read More

8 Surefire Ways to Spot an E-Mail Identity Theft Scam!

The E-Mail Identity Theft Scam is running Rampant. These E-Mail... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More

Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing

The Internet offers a global marketplace for consumers and businesses.... Read More

Traditional Antivirus Programs Useless Against New Unidentified Viruses!

Every now and then you can read about a new... Read More

The Importance of Protecting Your PC from Viruses and Spam

Today the internet is a mine field of malicious code... Read More

How To Cover Your Tracks On The Internet

Every single time you access a website, you leave tracks.... Read More

Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support... Read More

The Truth About Hiding Your Tracks on the Internet

Ok, ok, I know you've seen them. All those pop... Read More

Dont Miss Information Because of Misinformation

It has been said that with the wealth of information,... Read More

Password Security and Safety

There is nothing more important that password security in world... Read More

Everything You Need To Know About Spyware and Malware

You are at your computer, checking out software on EBay.... Read More

SPYWARE - Whos Watching Who?

I am in the midst of Oscar Wilde's The Picture... Read More