Computer Cops
Phishing Identity Theft Is Gaining Popularity
By David Strom
Courtesy of VAR Business

Most of us know by now not to give out our passwords, ATM PINs, or other secret information when requested by e-mail. But an increasing number of people are giving out that information, even those of us who should know better. What makes this doubly annoying is that the scam is an old one, and it has nothing to do with technology per se.

The technique is called phishing, and some very clever crooks use it. Here's how it works. You put together a bunch of HTML-formatted e-mail messages asking people to reconfirm their account information. The messages look like the real McCoy, including corporate logos and what at first glance looks like a legitimate e-mail address. The two scams that I got recently were from sites that had the eBay and Citibank logos. Both asked me to verify my personal information by clicking on a link in the message that took me to the phished site.

Many people have fallen for this scam - including retired police officers and others who have plenty of experience with the criminal mind. It is amazingly easy to pull off - all you need is a dollar and a dream and some good HTML coding skills to lift the appropriate logos from the true corporate sites. Buy a list of a few million e-mail addresses and you are ready to sit back and watch those passwords roll in, and soon you will have access to hundreds of IDs to harvest.

The Federal Trade Commission has issued a warning, but until now it hasn't received much airplay. Several newspapers and Web sites have also covered the topic, including many in the U.K., where phishing seems to be picking up. In addition to the FTC page, here's an anti-phishing site that has some useful information and links.

The term has actually been in use since the middle 1990s, but lately either the scam artists are getting better at their HTML coding skills or the intended marks are running better e-mail clients that support more HTML-formatted messages, or perhaps a little of both. According to e-mail protection vendor Brightmail, they are seeing plenty of phishing and brand spoofing scams, accounting for 27% of all e-mails filtered in October. The company, which also sells an anti-fraud screening service as part of its overall product lines in preventing spam and virus attacks, maintains a decoy network with over 2 million e-mail IDs to attract fraudulent emails. It doesn't help matters that people are very comfortable with ordering stuff over the Internet and sending their credit card numbers around cyberspace.

There really isn't a simple cure, however. E-mail filtering products can try to screen out these messages, but it isn't all that easy as the con artists change addresses at the drop of a hat. ISPs can shut down the IP addresses used by the crooks to collect the personal data and host the phony sites that draw in the marks, but again it is staying a few steps behind the bad guys. What it really comes down to is that you and I have to be more vigilant about responding to the come-on message.

I almost fell for the Citibank phish this past summer. But then I wondered why Citibank would be sending a message to my outside e-mail address at CMP, when it has a perfectly good and secure means of sending me messages using the Citibank online banking system. Of course, when I examined the message more carefully I could see that it was going to some external site that had nothing to do with Citibank. What annoyed me more than anything was that it took the bank several months before they posted a message (using their own system, of course) issuing a warning notice to me and their other customers.

The crooks are getting cleverer. Some of the phony site URLs are very, very close misspellings from the actual site addresses, and easy to miss with a quick scan of the domain name.

The moral of the story is never give out your password to anyone at any time. And have a healthy bit of skepticism when you go through your inbox, and don't immediately respond when you get one of these messages anyway.

Editor's Note: A number of you are accessing e-mail via wireless means. If you are interested in wireless security, developing wireless apps or in just familiarizing yourself with this area, check out www.mobilizedsoftware.com. There's a column on security written by my editor Jennifer Bosavage as well as numerous articles on development and design.

David Strom is Technology Editor at VARBusiness magazine and a long-time technology journalist, including the author of two networking books and thousands of articles. He was the founding editor-in-chief of Network Computing magazine and has consulted for many hi-tech vendors when he ran his own business for ten years in between working at CMP Media. He lives in Port Washington, NY and can be reached at [email protected]

The full article is at SecurityPipeLine
Posted on Monday, 24 November 2003 @ 04:00:00 EST by phoenix22