Phishing

Recently I have received email from my bank/credit Card Company, eBay & pay pal saying that my account has possibly been compromised and I need to confirm my details and password in order to get continued access.

Spam email now has a new and more frightening variant, it's called phishing and it has been made by criminals and hackers who aim at getting unwitting consumers to reveal account numbers and passwords.

Usually after getting an email like the ones mentioned above from reputable companies, most of us would race to respond as quickly as possible. However, in most cases you will find that you won't be helping anyone other then the criminal who wrote that email and who has nothing to do with the actual organizations.

What is Phishing?

It is when someone creates false email that pretends to be from a bank or other authority, but which is actually designed to collect sensitive information such as passwords. This process of stealing information used for fraudulent purposes is the latest problem to plague Internet users. It is a phenomenon know as phishing i.e. emails 'fishing' for important information.

Just like Spam, phishing mails are sent to the widest possible audience so it's not unusual to receive a message asking you to confirm account details from an organization you do not actually deal with. You may be asked to fix up your eBay account when you haven't even got one!

In addition to collecting sensitive information many phishing messages try to install spy ware, Trojans etc. allowing hackers to gain backdoor entry into computers.

Types of Phishing Emails:

Some phishing emails ask for a response by email.

Some emails include a form for collecting details that you are told to fill out.

Some even include a link to a web site that resembles the actual site you expect to visit, but is actually a clone of the original site.

Number of active phishing sites reported in March, 2005: 2870

Number of brands hijacked by phishing campaigns: 78

Contains some form of target name in URL: 31%

Country hosting the most number of phishing sites: United States of America

Source: http://www.antiphishing.org

Phishing attacks can be really sophisticated. Some time ago a flaw in Internet Explorer allowed hackers to display a false address while redirecting the user to an entirely different site making it almost impossible to distinguish a phishing attack from a legitimate email.

Possible solutions:

New technologies can provide a better means of countering phishers. One option being explored by a lot of banks is the use of a secure token, a small electronic gadget that generates a unique password to be entered each time a user logs onto the web site. This would make a phishing attack useless because without the physical possession of a token it is impossible to access the account. This approach is somewhat similar to what is used at Automated Teller Machines around the world where you need to have both the card and the Pin number in order to use the machine.

One option is to use a technology popularly knows as PassMarks that effectively acts as a second password. After entering the user name a unique image pre selected by the user is displayed before s/he is asked for the password. If the proper image is not displayed the user will come to know that s/he is not on the authentic site. Another option that a lot of organizations are exploring is using text messages instead of email messages. Text messages cost money to send, so Spammers are less likely to partake in the process making it easier to distinguish between legitimate messages and fakes.

Ashish Jain
M6.Net Web Helpers
http://www.m6.net

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

TechCrunch

In the NYC enterprise startup scene, security is job one
TechCrunch
While most people probably would not think of New York as a hotbed for enterprise startups of any kind, it is actually quite active. When you stop to consider that the world's biggest banks and financial services companies are located there, it would ...

and more »

WIRED

Xbox Hacking, LinkedIn Bugs, and More Security News This Week ...
WIRED
If you haven't read this month's WIRED cover story about teen hackers who went too deep into Microsoft Xbox's systems, make that your first stop. In more current news, the White House sent mixed messages on cybersecurity policy this week, calling out ...

and more »

The US- China Face-off: Is It About Trade? Or National Security?
Fortune
In theory, the U.S. Commerce Department's move earlier this week to slap a seven-year ban on the sale of American products to ZTE Corp., China's second-largest telecommunications equipment manufacturer, was all about national security and had nothing ...

and more »

Fortune

Twitter Bans Ads from Russian Computer Security Company Kaspersky Lab
Fortune
Twitter has banned ads on its service from Russian security software maker Kaspersky Lab, after the U.S. government prohibited agencies from using its products because of alleged ties to the Russian government. The ban, confirmed by Twitter to Reuters ...
Twitter banned Russian security firm Kaspersky Lab from buying adsTechCrunch
Kaspersky banned from advertising on Twitter over security fearsTelegraph.co.uk
Twitter Ads policies - Twitter for BusinessTwitter for Business
Reuters -Homeland Security -Ars Technica -Kaspersky Lab
all 44 news articles »

TMZ

Rapper Belly Wailed On by Coachella Guards ... Crazy Vid During The Weeknd's Set!!
TMZ
Belly was the recipient of several flying fists from security guards during The Weeknd's performance at Coachella ... even though the rapper performed at the fest earlier in the night. Belly -- who actually has a hit song with The Weeknd -- was in a ...

and more »

Fox News

Mary Berry discusses airport arrest after security mistook her flour for ...
Fox News
Unsurprisingly, her sense of humor got her through the ordeal.

and more »

CryptoSlate

Crypto Trade Group Pressures SEC to Exempt Ethereum From ...
CryptoSlate
An alliance of lawyers, venture capitalists, and entrepreneurs have recently met with the US Securities and Exchange Commission to petition for the creation of cryptocurrency “safe harbors” for specific cryptocurrencies and tokens, including Ethereum ...
US Regulators Asked Not to Classify Ethereum as a Security: NYT ReportCCN
Major VC Firm Asked SEC to Not Categorize Cryptocurrency as SecuritynewsBTC
Venture Capitalists Seek 'Safe Harbor' for Virtual CurrenciesNew York Times

all 24 news articles »

Newsday

LI school districts weigh adding security, programs vs. cutting taxes ...
Newsday
Surveys of Long Island school districts' proposed 2018-19 budgets confirm that taxes are increasing at a greater pace, with much of the extra money earmarked for security guards and other safety measures. A Newsday sampling of district spending plans ...

and more »
Google News

Why Corporations Need to Worry About Phishing

Phishing is a relatively new form of online fraud that... Read More

5 Tips For An Unbreakable Password

Despite the current wave of identity theft and corporate security... Read More

Three-pronged Trojan Attack Threatens Security on the Internet

Glieder (Win32.Glieder.AK), Fantibag (Win32.Fantibag.A) and Mitglieder (Win32.Mitglieder.CT) are not names... Read More

Protecting Your Identity On The Internet

Afraid that someone is monitoring your PC or installed a... Read More

Dont Fall Victim to Internet Fraud-10 Tips for Safer Surfing

The Internet offers a global marketplace for consumers and businesses.... Read More

Spyware ? Your Web Browser is the Culprit!

My first experience with a spyware BHO based infection was... Read More

Watching the Watchers: Detection and Removal of Spyware

If spyware were a person and he set himself up... Read More

The One Critical Piece Of Free Software Thats Been Overlooked

Can You Prevent Spyware, Worms, Trojans, Viruses, ... To Work... Read More

Dont Get Hacked - A Guide to Protecting Your Business from Thieves

You've seen it in the news - 40 million credit... Read More

Internet Privacy

Over the past few years as the internet has become... Read More

Hacking the Body Via PDA Wireless Device

First I would like to stress I am condoning the... Read More

Temporary Internet Files - the Good, the Bad, and the Ugly

A little bit of time invested into learning about internet... Read More

Free Antivirus Security Software: Download Now to Eliminate Spyware, Pop Up Ads, etc.

Adware. Spyware. Pesky pop up ads. Internet congestion. Computer malfunctions... Read More

Click Here To Defeat Evil

Microsoft routinely releases new security updates, many of which are... Read More

A Personal Experience with Identity Theft

Some months ago, before there was much publicity regarding phishing... Read More

Online Shopping: 10 Tips For Safe Online Shopping

Have you ever bought a product or service from the... Read More

Spyware Attacks! Windows Safe Mode is No Longer Safe

Many of us have run into an annoying and time-consuming... Read More

New Mass Mailing Spamming Internet Trojan for the Windows Platform

May. 16th 2005 - MicroWorld has reported the discovery of... Read More

Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support... Read More

The Never Ending Spyware Story

It's been with us since 1993, it's gotten more intrusive,... Read More

Another Fine Mess!

I'm in the Anti-Spyware business, and I'm doing a lot... Read More

Secure Your PC From Hackers, Viruses, and Trojans

Viruses, Trojans and Spyware: Protecting yourself.No user on the internet... Read More

5 Simple Steps to Protect your Digital Downloads

A couple of days ago, I was searching for a... Read More

Crack The Code - Thats A Direct Challenge

I Challenge You To Crack The Code ------------------------------------- I had... Read More

Dont Allow Hackers to Take Out Money from Your Bank Account

If you know what is the 'Fishing' then it's very... Read More