![]() | |
![]() | |
![]() |
Security Information |
|
![]() |
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living. The Internet, in particular, means for us boundless opportunities in life and business - but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us. Warning: There are Websites You'd Better Not Visit Phishing websites Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students. Keyloggers and Trojans Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information. It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively. Fraudulent websites are on the rise Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated. A Hybrid Scam In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website. Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details. This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV). As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order. Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products. Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code. Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers. When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data. Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) - so the information is captured even if the user doesn't type anything, just opens the views the file. In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly. What a user can do to avoid these sites? As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank. Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse. As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive. As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk. Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more. Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work. Learn more -- visit the company's websitehttp://www.anti-keyloggers.com
MORE RESOURCES: Private Security Guards Have Become a Last Resort for Public Safety The New York Times Netanyahu said to meet Ben Gvir one-on-one after minister left out of security talks The Times of Israel Couple voices concern after security camera shows men shooting arrows across OKC neighborhood street KFOR Oklahoma City UN Security Council Authorizes Multinational Security Support ... Department of State Statement by National Security Advisor Jake Sullivan on UN ... The White House CAC proposes eliminating data security assessments for some ... International Association of Privacy Professionals ARPA-H awards research contracts to advance health data security ... - American Hospital Association ARPA-H awards research contracts to advance health data security ... American Hospital Association Knoxville woman billed for security system for months after removing it WATE 6 On Your Side Security risk leads to new barriers in downtown Sacramento KCRA Sacramento Three loaded guns caught at Pittsburgh International Airport last week Transportation Security Administration Biden’s Gulf allies want an ‘ironclad’ security pact with the US. Here’s what it might look like CNN UW Security and Fire Safety Report Now Available University of Wyoming News Programme of Work for October 2023 : What's In Blue Security Council Report Criminal Gangs Exploit Security Gaps to Infiltrate Airports The Wall Street Journal Employment – Public policy exception – Security deficiencies Massachusetts Lawyers Weekly Metro law enforcement agencies coming together to provide security for the Mississippi State Fair WAPT Jackson To Bolster SCADA Network Security, Know Your Inventory BizTech Magazine EU Innovation Hub for internal Security Annual Event European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) NYC college student sentenced to year in Dubai prison after touching airport security guard's arm New York Post Fighting AI Cybercrime with AI Security tripwire.com Security expert reveals six-figure cost of threats to schools in Wilkes ... WXII12 Winston-Salem FACT SHEET: Impact of a Government Shutdown on the DHS ... Homeland Security Escambia, Santa Rosa County courthouses investigating security ... Pensacola News Journal Chalk: Open-source software security and infrastructure visibility tool Help Net Security Closing Hidden Security Gaps in Zero Trust Architectures Insider Homepage Redirects Man shot in struggle with Dallas security guard, police say FOX 4 News Dallas-Fort Worth 2nd Circuit rules JP Morgan's syndicated loan is not a security | ABA ... ABA Banking Journal Worcester police arrest security guard after he tried boxing in alleged reckless driver, shot at vehicle Boston News, Weather, Sports | WHDH 7News Remarks by Ambassador Linda Thomas-Greenfield During a ... United States Mission to the United Nations Netanyahu claims ties with Ben Gvir fine, denies security meeting snub The Times of Israel Pakistan Launches Anti-Polio Vaccine Drive Targeting 44M Children ... U.S. News & World Report IDF said to study security implications of possible Saudi normalization deal The Times of Israel 15 Embarrassing Lapses in National Security Cracked.com Forest Service completes soil burn security analysis on Smith River ... KOBI-TV NBC5 / KOTI-TV NBC2 Madagascar security forces fire tear gas on opposition candidates Africanews English Angels Security Confiscates Negative Sign from Young Fan Sports Illustrated Biden-Harris Administration Announces Final National Security ... US Department of Commerce Designating Actors Undermining the Peace, Security, and Stability of ... Department of State Comprehensive Security Integration and Prosperity Agreement ... Department of State Biden Administration Announces Additional Security Assistance for ... Department of Defense Suspicious skull found in luggage prompts security scare at Utah airport FOX 4 News Dallas-Fort Worth Readout: U.S. - Mexico Meeting on Joint Actions to Further Enhance ... Customs and Border Protection Blink 3rd- and 4th-gen security cameras are up to 60 percent off ahead of October Prime Day Engadget Data-driven cyber: empowering government security with... - NCSC ... National Cyber Security Centre New U.S.-Poland Foreign Military Financing Direct Loan Agreement ... Department of State Department of Homeland Security Announces Distribution of More ... Homeland Security |
![]() |
![]() |
![]() |
RELATED ARTICLES
The Importance of Protecting Your PC from Viruses and Spam Today the internet is a mine field of malicious code looking to harm your computer. Hackers want to have access to your PC for both fun and profit. Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk The trash folder in my main inbox hit 4000 today. Since I never throw anything out, I know that what's in there is courtesy of my email filter which is set to automatically delete anything that is forwarded from my work account from a certain person. Anti-Spyware Protection: Behind How-To Tips There is no doubt that "how-to articles" have become a separate genre. One can find such an article about almost anything; there are even some entitled "How to Write a How-To Article". 6 Ways To Prevent Identity Theft These six ways to prevent identity theft offer you valuable tips against the fastest growing crime in America today. In 2004, more than 9. Spyware is Not Like a Nosy Neighbor Remember the television show about the nosy neighbor Mrs. Kravitzalways peeking out her window or over the fence, sometimes evenknocking on the door just to find out what was going on in herneighborhood? If you don't wait a month or so and the DVD orthe movie will be out. Pharming - Another New Scam Pharming is one of the latest online scams and rapidly growing threat that has been showing up on the Internet. It's a new way for criminals to try to get into your computer so they can steal your personal data. Spyware, This Time Its Personal! First the basic definition of Spyware: It is a type of software which is installed onto your computer without your permission.. Phishing - Identity Theft & Credit Card Fraud What is Phishing?Phishing is a relatively newly coined term for a kind of method for harvesting information for identity theft. Phishing is quite simply providing a person with false information or credentials to trick them in to giving you their personal information. Lets Talk About Antivirus Software! Nowadays more and more people are using a computer. A lot of them use it at their work place, but an increasing number of computer users have also discovered the need to have a computer at home. Keeping Worms Out of Your Network... No auntie Sookie, not earth worms, computer virus worms that can get to you computer and slowly dig deep into your files and eat them away. Put that eggnog down and I'll tell you some more about these new worms. Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge Is your enterprise following the rules?The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Be Aware of Phishing Scams! If you use emails actively in your communication, you must have received various messages claiming to be from Ebay, Paypal and a number of banks. A recent email as if from U. SPYWARE - Whos Watching Who? I am in the midst of Oscar Wilde's The Picture of Dorian Gray. "The basis of optimism is sheer terror. How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer If you use the internet, you have probably been infected with a virus, trojan or spyware. According to the SANS Internet Storm Center, the average unprotected PC is infected within 20 minutes of normal internet usage. Protecting Your Children On The Internet If you are a parent, as am I, I think we can agree there is little else more important than keeping our children safe and protected. It's difficult enough keeping them safe from the unscrupulous people we read about in the news, but dealing with children and the Internet takes it to a completely new level. Passwords or Pass Phrase? Protecting your Intellectual Property Much has been said on the theory of password protection for files, computer login, and other network access. In the past we used a combination of letters, special characters, and other techniques to try and prevent unwanted or unauthorized access to our computers, resources, and networks. Is Your Music Player Spying On You? In today's times spyware is a very serious issue and all computer users should be aware of the possible damage it can cause. It is estimated by well known industry insiders that nearly 90% of all computers are infected with some kind of spyware. With the Rise of Internet Crimes, Users are Turning to High-Tech "PI's" for Solutions High-tech private investigators are becoming the answer for many Internet users who have been victimized online. The use of e-mail by that unethical element lurking in cyberspace rings all too common these days. Steganography - The Art Of Deception & Concealment The Message Must Get Through-----------------------------The year is 300A.D. 3 Pervasive Phishing Scams Scams involving email continue to plague consumers across America, indeed the world. These so called "phishing" scams involve "spoofed" emails meant to draw the unwary to bogus internet sites masquerading as legitimate sites. ![]() |
home | site map |
© 2006 |