Monday, November 2, 2009

Phishing Definition, Concept and Techniques

What is phishing

Phishing, also known as "brand spoofing", is an elaborate form of data theft that targets the customers of ISPs, banks, online banking services, government agencies and similar organizations.

When you submit your email address on the Internet, fill in online forms, or access newsgroups or websites, your data can be harvested by web-crawling spiders and then used without your permission to commit fraud or other crimes.

The Phishing Concept

Phishers build counterfeit web pages that imitate the corporate image of well-known, trusted service providers. Then, using harvested or randomly generated email addresses, they "throw the bait".

A message with a credible subject is sent by email or instant messenger, asking for confidential data, inviting you to visit a website (via a 'Click Here' link, a URL link, an image link or a text link), or even asking you to fill in a form embedded in the email itself. It looks like a plausible request, and it usually threatens a dire consequence to provoke an immediate reaction.

Examples of email subjects:
"Update Your PayPal Account"
"Your eBay User Account has been suspended!"

The required information is usually:
$ Credit card number;
$ ATM PIN and TAN number;
$ Bank account information;
$ Social Security Number;
$ Passwords;
$ Email accounts;
$ Other personal information.

Once entered, the user's information is no longer confidential and is immediately used by the fraudsters for their own benefit. It is usually very difficult to get the money back, as phishing sites are generally online for only a few days or even just hours.

Phishing Techniques

The main method is a trustworthy-looking email that tries to lead you to a fake web page. Some phishing emails contain an application or order form directly in the message body. Keep in mind that a legitimate institution will never send you an email containing a form or asking for personal information.

On the fake website you might notice that the URL is not the correct one. Still, there are ways to disguise the URL:

Social engineering:
The URL is very similar to the real one, and you might not notice the difference at first glance. For example, the real URL http://www.volksbank.com can be faked with http://www.voIksbank.com . If you think they are the same, look again: the lower case 'l' letter has been replaced with the upper case 'i' letter.
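As an added example (not code from the original post), the following Python script flags lookalike hostnames such as the voIksbank one above by folding visually confusable characters before comparing against a trusted list; the trusted hosts and the confusable map are constructed assumptions.

```python
from urllib.parse import urlsplit

# Trusted brand hostnames the filter protects (constructed sample list).
TRUSTED_HOSTS = {"www.volksbank.com", "www.paypal.com", "www.ebay.com"}

# Single characters that look alike in common fonts, folded to one form:
# upper-case "I", digit "1" and "|" read as lower-case "l"; "0" as "o".
CONFUSABLES = {"I": "l", "1": "l", "|": "l", "0": "o", "5": "s"}
# Character pairs that read as one letter: "rn" looks like "m", "vv" like "w".
PAIRS = {"rn": "m", "vv": "w"}


def host_preserving_case(url: str) -> str:
    """Extract the hostname without lower-casing it. urlsplit(...).hostname
    lower-cases, which would erase the upper-case 'I' trick we want to see."""
    host = urlsplit(url).netloc.rsplit("@", 1)[-1]   # drop user:pass@
    return host.split(":")[0]                          # drop :port


def skeleton(host: str) -> str:
    """Reduce a hostname to a lookalike 'skeleton' so that visually
    similar names compare equal (e.g. voIksbank -> volksbank)."""
    out, i = [], 0
    while i < len(host):
        if host[i:i + 2] in PAIRS:
            out.append(PAIRS[host[i:i + 2]])
            i += 2
        else:
            ch = host[i]
            out.append(CONFUSABLES.get(ch, ch.lower()))
            i += 1
    return "".join(out)


def classify_url(url: str) -> str:
    """'trusted' for an exact brand host, 'lookalike' when the host only
    matches a brand after confusable folding, otherwise 'unknown'."""
    host = host_preserving_case(url)
    if host.lower() in TRUSTED_HOSTS:
        return "trusted"
    if skeleton(host) in {skeleton(t) for t in TRUSTED_HOSTS}:
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ("http://www.volksbank.com/login", "http://www.voIksbank.com",
              "http://www.paypa1.com/update", "http://example.org"):
        print(u, "->", classify_url(u))
```

A real mail filter would extend the confusable map (Unicode homoglyphs in particular) and feed the trusted list from the brands it protects.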

Browser vulnerabilities:
The fake website may contain a script that exploits your browser. In this case, the real URL is displayed, but the content of the web page comes from the fake server. One example is to display a fake picture on top of the browser's real address bar; you cannot click in the bar's input field to select the URL. Other exploits display a fake input field on top, so it is even possible to click into the field and select the URL.

Pop-ups:
The link in the email points to the real website, but another browser window is displayed in front of it. In practice you can browse the real website without risk, but don't get tricked by the second window. Those pop-ups usually do not have an address bar that would help you identify a fake website.

No address bar:
Some fake sites do not display the address bar at all and unless you specifically look for it, you might not notice this.

There are other techniques, apart from playing with the address bar, which can be used in combination with them or on their own to get access to confidential information.

Other browser vulnerabilities:
Another vulnerability in your browser can be used to download and execute arbitrary malicious software. Such software may be a Trojan that records all keystrokes and monitors all Internet traffic, especially when you enter and submit data in an online form.

Pharming:
Also known as "domain spoofing", pharming redirects users to a fake website. Although you type the correct URL into your browser, you are redirected to a fake website, and the correct URL remains in your browser unchanged. To accomplish the redirection, name resolution has to be tampered with, either by changing the TCP/IP protocol settings or by adding an entry to the hosts file.

Man in the middle:
Probably the most sophisticated method, as nothing has to be changed on the local computer. The phisher sits between you and the real server and redirects your connection to a fake server.

Phishing Camouflage

The phishing website might use other tricks, such as:
Forged tooltips;
Right-click disabled.

Phishers avoid detection by anti-spam and anti-phishing programs using:
Random letters or famous quotes in the subject or in the body of the email;
Invisible text in HTML emails;
HTML or Java content instead of plain text;
Pictures only (no other text in the email body). (avira.com)
