Phishing
Social-engineering hacking done through e-mail.
A hacker sends out bogus e-mail, or phish, that looks like it's from the billing or security department of a popular Web destination, advising the recipient that his or her credit-card information is needed to clear up a billing or security problem. The recipient is advised to click on a link that typically looks like it might be from that destination; if he or she does, the hacker then collects credit-card data.
Sometimes, the phish makes the link look even more authentic by using a quirk of Internet addressing that allows for a redirect away from a legitimate site: if you put an "at" symbol (@) after a legitimate address, then follow that with another address, the browser treats everything before the symbol as login information and sends the user to the address that follows it.
A July 2003 report from the IDG News Service explains the workings of one such effort:
The boy's scam allegedly worked like this: Posing as AOL, he sent customers e-mail saying there had been a problem with the billing of their AOL account. The e-mail warned AOL customers that if they did not update their billing information, they risked losing their AOL accounts, and it directed customers to click on a hyperlink to connect to the AOL Billing Center.
When customers clicked on the link, they ended at the defendant's site, which included AOL's logo, type style, and links to real AOL Web pages. The defendant's AOL look-alike page directed consumers to enter the numbers from the credit card they had used to charge their AOL account, then asked consumers to enter numbers from a new card to correct the problem. The defendant's page also asked for consumers' names, mothers' maiden names, billing addresses, social security numbers, bank routing numbers, credit limits, personal identification numbers, and AOL screen names and passwords.
The defendant used the information to charge online purchases and open accounts with PayPal, and he used consumers' names and passwords to log on to AOL in their names and send more spam. He also recruited others to participate in the scheme by convincing them to receive fraudulently obtained merchandise he had ordered for himself.
From FTC settles with young ID thief, IDG News Service, 07/21/03.
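The following Python example, added here and not part of the original entry, audits the links in a message body for the "at"-symbol redirect described above. It also goes one step further and flags visible link text that names a different host than the link's real target. The sample message and all host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; every host name is a placeholder.
SAMPLE_HTML = """
<a href="http://billing.example.com@collector.example.net/update">Billing Center</a>
<a href="http://collector.example.net/login">http://billing.example.com/login</a>
<a href="https://billing.example.com/help">Help pages</a>
"""

def audit_link(href, text):
    """Return a list of reasons the link is deceptive (empty if none found)."""
    reasons = []
    parts = urlsplit(href)
    host = parts.hostname or ""  # the host the browser really connects to
    # Anything before '@' in the authority is user information, not the site.
    if "@" in parts.netloc:
        decoy = parts.netloc.rsplit("@", 1)[0]
        reasons.append(f"userinfo '{decoy}' hides real host '{host}'")
    # Visible text that is itself a URL should name the same host as the href.
    shown = (urlsplit(text.strip()).hostname or "") if "://" in text else ""
    if shown and shown != host:
        reasons.append(f"text shows '{shown}' but link goes to '{host}'")
    return reasons

class LinkAuditor(HTMLParser):
    """Collects (href, text, reasons) for every <a> element in a message."""
    def __init__(self):
        super().__init__()
        self.results, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text)
            self.results.append((self._href, text, audit_link(self._href, text)))
            self._href = None

def audit_message(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.results

if __name__ == "__main__":
    print(*audit_message(SAMPLE_HTML), sep="\n")
```
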
Additional resources:
Phear of phishing
More detailed look at phishing. Network World, 05/31/04.
Anti-phishing.org
Latest anti-phishing news from an industry group trying to curb the practice. Site has examples of phishing messages and links to related resources.
Latest phishing news from Network World Fusion
License server glitch exposes SonicWall users to threats
Dec. 03, 2008
A technical problem in a license management server at SonicWall created havoc Tuesday for users of the company's e-mail security products, leaving many customers temporarily unprotected against spam, phishing and ...
FBI warns of holiday cyber scams; Experts to Feds: Sign the DNS root ASAP
Dec. 02, 2008
With cyber Monday comes an FBI warning against spam containing malware and phishing attempts that appear to be greeting cards and ads for shopping bargains; Internet security gurus and leading vendors are urging the U.S ...
FBI warns of holiday cyber scams
Dec. 01, 2008
With cyber Monday comes an FBI warning against spam containing malware and phishing attempts that appear to be greeting cards and ads for shopping bargains.
Phishers and scammers use bleak economic news to lure victims
Oct. 02, 2008
Lots of Phishing, Spam and Scam news today. Looks like the down economy is proving to be a lucrative lure for scammers, who are using the stock and credit market woes in phishing attacks featuring Bank of America and ...
More ways to protect yourself from phishing
Aug. 06, 2008
In my recent Editors' Notes post on Consumer Reports' recommendation that Mac users dump Safari because the Apple browser lacks the anti-phishing tools of Firefox and Opera, I focused on behavioral changes one can make ...