Security Information |
|
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living. The Internet, in particular, means for us boundless opportunities in life and business - but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us. Warning: There are Websites You'd Better Not Visit Phishing websites Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students. Keyloggers and Trojans Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information. It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively. Fraudulent websites are on the rise Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated. A Hybrid Scam In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website. Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details. This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV). As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order. Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products. Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code. Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers. When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data. Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) - so the information is captured even if the user doesn't type anything, just opens the views the file. In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly. What a user can do to avoid these sites? As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank. Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse. As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive. As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk. Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more. Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work. Learn more -- visit the company's websitehttp://www.anti-keyloggers.com
MORE RESOURCES: Opinion | Banning TikTok Won’t Solve Your Data-Security Problem The Wall Street Journal He’s a Security Guard at the Met. Now His Work Is Showing There. The New York Times Why does Trump want Greenland and the Panama Canal so badly? One reason may surprise you - USA TODAY Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data ABC News Remarks at a UN Security Council Briefing on Nonproliferation and the Democratic People’s Republic of Korea United States Mission to the United Nations Sweet Security Partners with Illustria to Offer Proactive Open-Source Supply Chain Risk Management GlobeNewswire Krebs on Security – In-depth security news and investigation Krebs on Security One week later: New Orleans debates security, memorial grows, more chemicals found FOX 8 Local First New in 2025: Counties Should Prepare Now for the Upcoming HIPAA Security Rule Update National Association of Counties Special ops forces seek to manage digital footprints, achieve ‘security through obscurity’ DefenseScoop Pope to celebrate Jubilees for Communications, security forces Vatican News - English White House program to certify the security of IoT devices goes live Cybersecurity Dive U.S. citizen denied entry into Poland after security staff object to handwritten notes in passport ABC News Remarks at a UN Security Council Briefing on the Political and Humanitarian Situations in Syria United States Mission to the United Nations Stowaways on planes and inside landing gear raise worries about aviation security The Associated Press Brillion Achieves SOC 2 Type 2 Compliance, Reinforcing Commitment to Data Security and Privacy Business Wire Opinion | Biden’s ‘security’ concern about TikTok and U.S. Steel is doubly specious The Washington Post New Orleans Homeland Security criticized during terror attack probe WDSU New Orleans Border security is national security Foundation for Defense of Democracies The Rio Treaty's Security Pact and Unintended Consequences of Threatening Canada, Greenland, and Panama Just Security Tidal Cyber Acquires Zero-Shot Security to Enhance Threat Intelligence Mapping Capabilities Business Wire Swimlane Hero helps solve complex security operations problems Help Net Security Security guard catches DJ molesting 12-year-old boy at California mall, officials say Sacramento Bee Who is Acronis’ New Chief Information Security Officer? Cyber Magazine UN aviation agency confirms recruitment database security breach BleepingComputer AITX's RAD-R Welcomes Steve Danelon as President, Strengthening Leadership for Residential Security Solutions GlobeNewswire Fort Smith Public Schools to integrate AI gun detection software in security cameras Northwest Arkansas Democrat-Gazette Orange Bowl pep rally security includes surveillance cams, law enforcement on the ground - CBS Miami Update on former Vigo County Security Annex demolition MyWabashValley.com Security Industry Association Welcomes New Perimeter Security Subcommittee Leaders Security Sales & Integration BreachLock Unveils Unified Security Testing Platform for PTaaS, ASM, Continuous Pentesting, and Red Teaming PR Newswire Alois Brunner, the Nazi ‘butcher’ who trained Syrian security Al Jazeera English Marine Corps bases take increased security posture The Island News – Beaufort, SC When It Comes to Security, Europe Is Whistling Past the Graveyard World Politics Review Synology Launches ActiveProtect: Simplifying Enterprise Data Protection with Unmatched Security, and Scalability Business Wire Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data The Associated Press Security and Sanctions in Post-Assad Syria The National Interest Online Security consultant denied profiteering in defamation case against CNN WMBB - mypanhandle.com 2025 Security Industry Predictions: Jon Adams, Vice President of Sales, DMP Security Sales & Integration Eric Trager tapped for Mideast slot on Trump’s National Security Council The Times of Israel Can Washington handle two weeks of high-security pomp along with a heavy burst of snow? The Associated Press Washington Township Police to launch security risk assessment program for businesses Bellefontaine Examiner New Orleans hires consultant to review security after Bourbon Street attack. See who has the job. NOLA.com New Orleans attack prompts tighter security in D.C. ahead of inauguration, Carter funeral The Chicago Cusader Newark Airport makes list of Top 10 craziest security catches New Jersey 101.5 FM Base steps up security measures following terrorist attacks Mountain Home News Gov. Ivey mourns security detail member Justin Williams, 42, succumbed to cancer Alabama Political Reporter |
RELATED ARTICLES
Watch Out For That Scam The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint submissions for 2004, an increase of 66.6% from 2003. New Mass Mailing Spamming Internet Trojan for the Windows Platform May. 16th 2005 - MicroWorld has reported the discovery of Troj/Sober-Q, which is a mass mailing spamming internet Trojan for the Windows platform. Is Spyware Watching You? Imagine my surprise when I received a phone call from afriend who told me he'd been the victim of a "spyware"attack that left him shaking at his loss of privacy.I listened to his horror story with a sympathetic ear, butI felt secure since I carry anti-virus software and afirewall (both by Norton). Types Of Computer Infections Computer infections can be broken up into 4 main categories which are explained in detail below:VirusesComputer Viruses are small pieces of software that attach themselves to real programs. An example would be a virus that attaches itself onto windows explorer. Detect Spyware Online You can detect spyware online using free spyware cleaners and by installing spyware protection software on your computer. Often it's best to start with free spyware cleaners because these free programs will remove any spyware programs currently running on your computer. Its Time to Sing the Encryption Song - Again! Yes, I'm wearing my encryption hat again. Why you may ask? Well I just finished reading about the newest security hole in Microsoft's latest server product. 7 Ways to Spot a PayPal Scam E-Mail Paypal is a great site and is used by many to send and receive money. Unfortunately some dishonest people are using the Popularity of Paypal to line their own pockets with gold at the expense of unsuspecting Pay Pal members. An Open Letter From a So-called Stupid Someone recently told me, "You would have to be a stupid to lose your personal information." While I respectfully responded to this person in the moment, the comment has stuck with me. Are They Watching You Online? When surfing the Internet you probably take your anonymityfor granted, most of us do.Tapping phones, listening to confidential conversations,reading others' e-mail messages seems like something thatonly happens in spy movies to "other" people. Phishing: An Interesting Twist On A Common Scam After Two Security Assessments I Must Be Secure, Right?---------------------------------------Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. An Open Door To Your Home Wireless Internet Network Security? This is not some new fangled techno-speak, it is a real tool to be used for the protection of your wireless internet network and LAN. African American SMBs have to realize that if your Internet connection is on 24/7 then your network, and it is a network that your computer is connected to, is at risk. Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers I am the victim of an internet scam. It is very hard to write that sentence, but it's necessary in order to warn my fellow clowns, magicians and other entertainers, and to prevent them from being taken for $2,800. Phishing - A High Tech Identity Theft With A Low Tech Solution Have you ever got an email asking you to confirm your account information from a bank or a company that you have never done business with? The email looks official and it even has a link that appears to take you to the company's website. The email you have received is actually from an identity thief. If You Steal It, They May Come! Business on the internet is getting down right shameless. This week, my email box was literally filled with hype, overly inflated promises, phish mail, scams, ezines I did not order, and about 14 viagra gimmicks. Its War I Tell You! There are ways to insure security though. You can get the Windows Update CD from Microsoft and install that before you get online, You can also get most Antivirus Definitions downloaded and save them to disk, then install those before you go online, (of course you have to be using that Product in the first place), and you can get Anti-Spyware on a disk and do the same. Online Cell Phone Scams and Spam They're out there. Individuals trying to make a quick buck at your expense. Firewall Protection - Does Your Firewall Do This? The first thing people think about when defending their computers and networks is an up-to-date antivirus program. Without this most basic protection, your computer will get a virus, which could just slow it down or potentially bring the pc to a complete standstill!So anti-virus software is the answer?An anti-virus solution on it's own is not the answer to all of your problems, it can only protect you so much; in fact test have shown that a new pc running Windows XP if left connected to the Internet unprotected will be infected with viruses and remotely controlled via unauthorised persons within 20 minutes! To protect you against hackers and often to prevent spyware and 'scumware' from communicating directly with their servers about information it may have picked up from your pc, a firewall should form the key part of your e-security solution. Just Whos Computer is this Anyway? Well, this is an article I never thought I would have to write. Computer ownership was just not something I thought people would get confused over but, after overhearing a number of conversations last week from my co-workers, I realized that quite a few people just don't know how cut and dry this topic is. How To Avoid Hackers From Destroying Your Site? Recently, my site and other internet accounts ( http://www.nabaza. The Saga of the Annoying Adware When we think of adware, what comes to mind are those annoying and pesky ads that pop up out of nowhere whenever we are surfing the net. Anybody who has surfed through the net has encountered those irritating pop-up adwares advertising everything from computer software down to Viagra. |
home | site map |
© 2006 |