![]() | |
![]() | |
![]() |
Security Information |
|
![]() |
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living. The Internet, in particular, means for us boundless opportunities in life and business - but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us. Warning: There are Websites You'd Better Not Visit Phishing websites Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students. Keyloggers and Trojans Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information. It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively. Fraudulent websites are on the rise Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated. A Hybrid Scam In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website. Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details. This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV). As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order. Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products. Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code. Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers. When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data. Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) - so the information is captured even if the user doesn't type anything, just opens the views the file. In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly. What a user can do to avoid these sites? As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank. Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse. As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive. As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk. Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more. Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work. Learn more -- visit the company's websitehttp://www.anti-keyloggers.com
MORE RESOURCES: Security expert: Nashville school shooting should serve as a wake up call for similar schools in Nor CBS News Harris Pledges Security Assistance, Partnership in Ghana Visit Voice of America - VOA News Microsoft pushes OOB security updates for Windows Snipping tool flaw BleepingComputer College athlete influencers confront security concerns Honolulu Star-Advertiser Executive Order on Prohibition on Use by the United States ... The White House Biden bans government use of commercial spyware that may pose a ... SiliconANGLE News Running a security program before your first security hire Help Net Security Balancing security risks and innovation potential of shadow IT teams Help Net Security Japan’s new security policies: A long road to full implementation Brookings Institution Roof replacements, security vestibules among improvements in ... Alaska Public Media News Counter-Terrorism: High-level Debate : What's In Blue Security Council Report Survey Surfaces Need to Change SecOps Priorities Security Boulevard UN Security Council turns down request for Nord Stream inquiry Al Jazeera English Importance of school security FOX 13 Tampa WCPS starts security assistants program to curb student misbehavior Herald-Mail Media UA releases security assessment outlining systemic safety issues Arizona Public Media LA Metro adding new security officers amid safety concerns FOX 11 Los Angeles Tausight expands its AI-based PHI Security Intelligence platform to ... Help Net Security NEW: Shaheen Leads 37 Senators in Letter to Pentagon ... Senator Jeanne Shaheen What you need before the next vulnerability hits Help Net Security Improve Mobile Device Security with this HC3 Checklist HIPAA Journal Why cybersecurity risks matter - and how to raise security World Economic Forum College Athlete Influencers Confront Security Concerns NBC4 Washington SLED investigating after late-night shooting at SC State, university adds security measures WIS News 10 Israel defense minister’s firing triggers security fears, reservist call-ups and greater protests Breaking Defense Under pressure, St. Louis' Railway Exchange boosts security to ... St. Louis Post-Dispatch Commerce Department Outlines Proposed National Security ... US Department of Commerce Secretary Mayorkas, Administrator Criswell Visit Devastated Areas ... Homeland Security Meandering Moose Breaches Security At Sinclair Oil Refinery Cowboy State Daily New for Devs in SQL Server 2022: Ledger for Blockchain-Backed ... Visual Studio Magazine Rising Rate of Drug Shortages Is Framed as a National Security Threat The New York Times Maryland native works to help others with food security News 13 Orlando Las Cruces Police Department advises against posting doorbell security footage online - KFOX El Paso Pasquotank officials discuss county courthouse repairs, security ... The Daily Advance Opinion: Sensible legislation would 'sentence' gun security violators ... Chattanooga Times Free Press Detroit Zoo beefs up security after unusual activity suspected at the ... WXYZ 7 Action News Detroit Senators Introduce Bipartisan Bill to Tackle National Security ... Senator Mark Warner Ukraine-Russia updates: Kyiv seeks UN Security Council meeting Al Jazeera English Fact Sheet: Biden Administration's National Security Memorandum ... Homeland Security TSA issues new cybersecurity requirements for airport and aircraft ... Transportation Security Administration The Case for a Security Guarantee for Ukraine Foreign Affairs Magazine TikTok Pushed by U.S. to Resolve National Security Concerns The New York Times FACT SHEET: President Biden’s Budget Strengthens Border ... The White House FACT SHEET: Biden-Harris Administration Announces National ... The White House Biden Administration Announces Additional Security Assistance for ... Department of Defense After Denver school shooting, an outcry erupts over security The Associated Press President Biden Joins DHS To Recognize Twenty Years of Progress ... Homeland Security Topeka senator calls for security as frustrations flare at Kansas anti ... The Topeka Capital-Journal |
![]() |
![]() |
![]() |
RELATED ARTICLES
The Importance of Protecting Your PC from Viruses and Spam Today the internet is a mine field of malicious code looking to harm your computer. Hackers want to have access to your PC for both fun and profit. Email Hoaxes, Urban Legends, Scams, Spams, And Other CyberJunk The trash folder in my main inbox hit 4000 today. Since I never throw anything out, I know that what's in there is courtesy of my email filter which is set to automatically delete anything that is forwarded from my work account from a certain person. Anti-Spyware Protection: Behind How-To Tips There is no doubt that "how-to articles" have become a separate genre. One can find such an article about almost anything; there are even some entitled "How to Write a How-To Article". 6 Ways To Prevent Identity Theft These six ways to prevent identity theft offer you valuable tips against the fastest growing crime in America today. In 2004, more than 9. Spyware is Not Like a Nosy Neighbor Remember the television show about the nosy neighbor Mrs. Kravitzalways peeking out her window or over the fence, sometimes evenknocking on the door just to find out what was going on in herneighborhood? If you don't wait a month or so and the DVD orthe movie will be out. Pharming - Another New Scam Pharming is one of the latest online scams and rapidly growing threat that has been showing up on the Internet. It's a new way for criminals to try to get into your computer so they can steal your personal data. Spyware, This Time Its Personal! First the basic definition of Spyware: It is a type of software which is installed onto your computer without your permission.. Phishing - Identity Theft & Credit Card Fraud What is Phishing?Phishing is a relatively newly coined term for a kind of method for harvesting information for identity theft. Phishing is quite simply providing a person with false information or credentials to trick them in to giving you their personal information. Lets Talk About Antivirus Software! Nowadays more and more people are using a computer. A lot of them use it at their work place, but an increasing number of computer users have also discovered the need to have a computer at home. Keeping Worms Out of Your Network... No auntie Sookie, not earth worms, computer virus worms that can get to you computer and slowly dig deep into your files and eat them away. Put that eggnog down and I'll tell you some more about these new worms. Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge Is your enterprise following the rules?The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such as the Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Be Aware of Phishing Scams! If you use emails actively in your communication, you must have received various messages claiming to be from Ebay, Paypal and a number of banks. A recent email as if from U. SPYWARE - Whos Watching Who? I am in the midst of Oscar Wilde's The Picture of Dorian Gray. "The basis of optimism is sheer terror. How Did This Happen to Me? Top 10 Ways to Get Spyware or Viruses on Your Computer If you use the internet, you have probably been infected with a virus, trojan or spyware. According to the SANS Internet Storm Center, the average unprotected PC is infected within 20 minutes of normal internet usage. Protecting Your Children On The Internet If you are a parent, as am I, I think we can agree there is little else more important than keeping our children safe and protected. It's difficult enough keeping them safe from the unscrupulous people we read about in the news, but dealing with children and the Internet takes it to a completely new level. Passwords or Pass Phrase? Protecting your Intellectual Property Much has been said on the theory of password protection for files, computer login, and other network access. In the past we used a combination of letters, special characters, and other techniques to try and prevent unwanted or unauthorized access to our computers, resources, and networks. Is Your Music Player Spying On You? In today's times spyware is a very serious issue and all computer users should be aware of the possible damage it can cause. It is estimated by well known industry insiders that nearly 90% of all computers are infected with some kind of spyware. With the Rise of Internet Crimes, Users are Turning to High-Tech "PI's" for Solutions High-tech private investigators are becoming the answer for many Internet users who have been victimized online. The use of e-mail by that unethical element lurking in cyberspace rings all too common these days. Steganography - The Art Of Deception & Concealment The Message Must Get Through-----------------------------The year is 300A.D. 3 Pervasive Phishing Scams Scams involving email continue to plague consumers across America, indeed the world. These so called "phishing" scams involve "spoofed" emails meant to draw the unwary to bogus internet sites masquerading as legitimate sites. ![]() |
home | site map |
© 2006 |