Phishing

Recently I have received email from my bank/credit Card Company, eBay & pay pal saying that my account has possibly been compromised and I need to confirm my details and password in order to get continued access.

Spam email now has a new and more frightening variant, it's called phishing and it has been made by criminals and hackers who aim at getting unwitting consumers to reveal account numbers and passwords.

Usually after getting an email like the ones mentioned above from reputable companies, most of us would race to respond as quickly as possible. However, in most cases you will find that you won't be helping anyone other then the criminal who wrote that email and who has nothing to do with the actual organizations.

What is Phishing?

It is when someone creates false email that pretends to be from a bank or other authority, but which is actually designed to collect sensitive information such as passwords. This process of stealing information used for fraudulent purposes is the latest problem to plague Internet users. It is a phenomenon know as phishing i.e. emails 'fishing' for important information.

Just like Spam, phishing mails are sent to the widest possible audience so it's not unusual to receive a message asking you to confirm account details from an organization you do not actually deal with. You may be asked to fix up your eBay account when you haven't even got one!

In addition to collecting sensitive information many phishing messages try to install spy ware, Trojans etc. allowing hackers to gain backdoor entry into computers.

Types of Phishing Emails:

Some phishing emails ask for a response by email.

Some emails include a form for collecting details that you are told to fill out.

Some even include a link to a web site that resembles the actual site you expect to visit, but is actually a clone of the original site.

Number of active phishing sites reported in March, 2005: 2870

Number of brands hijacked by phishing campaigns: 78

Contains some form of target name in URL: 31%

Country hosting the most number of phishing sites: United States of America

Source: http://www.antiphishing.org

Phishing attacks can be really sophisticated. Some time ago a flaw in Internet Explorer allowed hackers to display a false address while redirecting the user to an entirely different site making it almost impossible to distinguish a phishing attack from a legitimate email.

Possible solutions:

New technologies can provide a better means of countering phishers. One option being explored by a lot of banks is the use of a secure token, a small electronic gadget that generates a unique password to be entered each time a user logs onto the web site. This would make a phishing attack useless because without the physical possession of a token it is impossible to access the account. This approach is somewhat similar to what is used at Automated Teller Machines around the world where you need to have both the card and the Pin number in order to use the machine.

One option is to use a technology popularly knows as PassMarks that effectively acts as a second password. After entering the user name a unique image pre selected by the user is displayed before s/he is asked for the password. If the proper image is not displayed the user will come to know that s/he is not on the authentic site. Another option that a lot of organizations are exploring is using text messages instead of email messages. Text messages cost money to send, so Spammers are less likely to partake in the process making it easier to distinguish between legitimate messages and fakes.

Ashish Jain
M6.Net Web Helpers
http://www.m6.net

In The News:


Kitsap Sun

OC launches investigation of security director
Kitsap Sun
BREMERTON — Olympic College has launched an investigation of complaints against its director of campus safety in light of a vote of no confidence by the union representing security guards. The vote, taken in mid-January, showed 88 percent of members ...


The Sun

Security services knew of glaring weakness in Parliament security after 'war game' simulating attack on Westminster ...
The Sun
SECURITY services were aware of gaps in Parliament's security after a simulated attack ended with most MPs being killed, it has been claimed. A source quoted by the Sunday Times claimed a “table-top” exercise revealed four terrorists with automatic ...
Security chief told MPs they were safe in parliament before attackThe Guardian
Urgent review of security gates of Parliament needed after Westminster attackExpress.co.uk

all 56 news articles »

The Independent

Security breach renders in-flight laptop ban useless
The Independent
The airport which is the main target of the Government's ban on electronic devices has a security flaw that renders rigorous checks futile, The Independent can reveal. After clearing six separate security hurdles at Istanbul airport, passengers bound ...

and more »

Rochester Democrat and Chronicle

JCC receives $200000 to improve security
Rochester Democrat and Chronicle
The Jewish Community Center of Rochester will receive $200,000 to upgrade security measures at the Brighton facility. The news was announced Sunday morning, just two weeks after the JCC was evacuated following a bomb threat to the facility, the second ...
JCC of Rochester gets $200000 for security enhancementsWXXI News

all 4 news articles »

The Japan Times

European security ties 'too precious' for Brexit talks
The Japan Times
LONDON – Britain's intelligence expertise may be “too precious” to use as a bargaining tool in the upcoming Brexit talks, experts said, after a terror attack in London highlighted the need for continued European security cooperation. The suggestion ...

and more »

New System Estimates Cleveland Airport Security Wait Times
U.S. News & World Report
New System Estimates Cleveland Airport Security Wait Times. Cleveland's main airport is developing a system to help travelers more accurately compare wait times at its security checkpoints and better plan their trips. | March 27, 2017, at 12:08 a.m.. MORE.

and more »

Reuters

Britain reviewing security at parliament after deadly attack
Reuters
Interior minister Amber Rudd told the BBC there would be another review of security at the Palace of Westminster, but that such arrangements were continually assessed. "There are constant reviews and updates so that we have the right form of defense in ...
London attack fuels calls for tighter Westminster securityThe Guardian
London attack: Parliament security under reviewBBC News
Questions over Parliament security as motorcyclist rides through gate shortly after terrorist attackTelegraph.co.uk
Wall Street Journal (subscription)
all 8,413 news articles »

Huffington Post

What Don't We Talk About When We Talk About Israel's Security
Huffington Post
When Israeli and American Jews talk about “Israel's security” they are thinking about the Holocaust and about extermination. That is the reason they choose the narrowest possible definition of “security,” a strip. Israel's “security” is what we ...

and more »

Otago Daily Times

Ivory Coast rescinds port security measures, attack threat unfounded
Reuters
"After compiling the information ... it emerged that the threat is not real," the head of maritime security Colonel Bertin Koffi Tano wrote in a second order to the Abidjan and San Pedro port authorities and shipping companies on Sunday. "I ask that ...
Ivory Coast boosts port security over attack threatOtago Daily Times

all 5 news articles »

The Sun

Security alert at Ant and Dec's Saturday Night Takeaway as police called amid claims four men broke into the studio
The Sun
An ITV spokesman said: “A youth who attempted to gain access to the London Television Centre, as a prank, at 11pm last night was quickly apprehended by our security team when he triggered an alarm as he climbed an external wall. “He did not gain access ...
Ant and Dec at centre of security alert after four men tried to 'break into' Saturday Night Takeaway studioMirror.co.uk

all 38 news articles »
Google News

Computer Viruses, Worms, and Hoaxes

In recent days, I was one of the unfortunate persons... Read More

Spyware ? Your Web Browser is the Culprit!

My first experience with a spyware BHO based infection was... Read More

A Painless Plagiarism Solution

A crowded marketplace can lead to unethical webmasters using underhand... Read More

Lets Talk About Antivirus Software!

Nowadays more and more people are using a computer. A... Read More

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that... Read More

Watching the Watchers: Detection and Removal of Spyware

If spyware were a person and he set himself up... Read More

Fishing for Fortunes. Scam!

Spelt phishing, but pronounced as above, this despicable act is... Read More

Preventing Online Identity Theft

Identity theft is one of the most common criminal acts... Read More

Steganography ? The Art Of Deception & Concealment

The Message Must Get Through ----------------------------- The year is 300A.D.,... Read More

Burning Bridges is Bad, But Firewalls are Good

When you signed up for that ultra-fast DSL or Cable... Read More

Check Out That Privacy Policy

Before you enter your name, address or any other data... Read More

Phishing - Learn To Identify It

Phishing: (fish'ing) (n.)This is when someone sends you an email... Read More

8 Surefire Ways to Spot an EBAY Scam E-Mail and Protect Yourself from Identity Theft

Ebay is a great site and is used by many... Read More

Web Browsing - Collected Information

You may not realize it, but as you are surfing... Read More

Be Alert! Others Can Catch Your Money Easily!

So called phishers try to catch the information about the... Read More

A Personal Experience with Identity Theft

Some months ago, before there was much publicity regarding phishing... Read More

Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk

The trash folder in my main inbox hit 4000 today.... Read More

Cyber Crooks Go Phishing

"Phishing," the latest craze among online evil-doers, has nothing to... Read More

An Open Door To Your Home Wireless Internet Network Security?

This is not some new fangled techno-speak, it is a... Read More

Phishing - Identity Theft & Credit Card Fraud

What is Phishing? Phishing is a relatively newly coined term... Read More

Identity Theft Offline -- So Many Possibilities

Chris Simpson, head of Scotland Yard's computer crime unit was... Read More

Hacking the Body Via PDA Wireless Device

First I would like to stress I am condoning the... Read More

What is Hacking? Are You a Hacker?

WHAT IS HACKING?Hacking, sometimes known as "computer crime" has only... Read More

Free Spyware Removal - Its Not As Easy As It Sounds

Nobody wants to pay to remove spyware. At the very... Read More

3 Things You Must Know About Spyware

1)Spyware is on your system. Like it or not, statistically... Read More