Archive for the ‘Phishing’ Category

What is a spear phishing scam

August 12th, 2008

You’ve probably heard of phishing scams: fraudulent e-mail messages or fake Web sites designed to steal your identity. Scam artists “phish” in an attempt to persuade millions of people to disclose sensitive information. For information on standard phishing scams, see Recognize phishing scams and fraudulent e-mails.

What is a spear phishing scam?

Spear phishing describes any highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members within a certain company, government agency, organization, or group.

Spear phishers often customize e-mails with information they’ve found on Web sites, blogs, or social networking sites like Facebook or MySpace. They also might create fake social networking login pages to lure people into sites where they’re used to entering personal information.

The message might look like it comes from your employer, or from a colleague who might plausibly send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.

The truth is that the e-mail sender information has been faked or “spoofed.” Where traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to a company’s entire computer system.

If you respond with a user name or password, or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, you might become a victim of identity theft and you might also put your employer or group at risk.

Spear phishing also describes scams that target people who use a certain product or Web site. Essentially, scam artists will use any information they can to personalize a phishing scam to as specific a group as possible.

The good news is that you can help avoid spear phishing scams by using some of the same techniques you already use to help avoid standard phishing scams.

More at Microsoft

Phishing

Gmail secure paypal and ebay users

July 14th, 2008

Hackers use phishing emails to obtain email users’ data. These emails do not target specific people. The senders mail them in bulk to many different addresses and wait; people who make the mistake of clicking the phishing link become victims, and their personal data falls into the hands of phishers, who use it to break into their personal accounts.

It’s good news for all PayPal and eBay customers. You don’t have to worry about phishing mails if you have a Gmail account. Phishing mails are a kind of spam mail that tries to deceive account holders into giving up valuable account information such as passwords. Although Google already has spam filters in place on its Gmail servers, many spam mails still get through them. From now on, any mail coming from PayPal or eBay will be delivered to customers’ inboxes only if it is digitally signed using DomainKeys and DomainKeys Identified Mail (DKIM) tools. Mail that fails this check won’t even go to the spam folder.

I think it’s a good move by Gmail to secure email users. Now users can feel confident in Gmail’s services, as this type of effort was made by Yahoo a long time ago.
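The receiving-side rule described in this post, sketched as an added example (not Gmail's code and not part of the original post): mail whose From domain belongs to a protected brand is delivered only if a DKIM pass was recorded for that brand's domain, otherwise it is rejected outright. It reads the Authentication-Results header written by the receiver's own verifier; the verifier id `mx.example.net`, the function names and the sample messages are constructed, and only DKIM results (not legacy DomainKeys) are evaluated.

```python
import email
from email.utils import parseaddr

PROTECTED = {"paypal.com", "ebay.com"}  # brands under the strict policy
TRUSTED_AUTHSERV = "mx.example.net"     # hypothetical id of our own DKIM verifier

def within(domain, brand):
    """True if domain is the brand domain or one of its subdomains."""
    return domain == brand or domain.endswith("." + brand)

def dkim_pass_domains(msg):
    """Signing domains (d=) that our own verifier recorded as dkim=pass."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, *results = [part.split() for part in value.split(";")]
        if not authserv or authserv[0].lower() != TRUSTED_AUTHSERV:
            continue  # written by the sender or another hop: never trust it
        for tokens in results:
            if tokens and tokens[0].lower() == "dkim=pass":
                found.update(t[9:].lower() for t in tokens[1:]
                             if t.lower().startswith("header.d="))
    return found

def verdict(raw_message):
    msg = email.message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    brand = next((b for b in PROTECTED if within(sender, b)), None)
    if brand is None:
        return "normal-filtering"      # policy only covers the protected brands
    if any(within(d, brand) for d in dkim_pass_domains(msg)):
        return "deliver"
    return "reject"                    # not even the spam folder

# Constructed sample messages (headers only).
def sample(from_addr, auth_results=None):
    head = [f"Authentication-Results: {auth_results}"] if auth_results else []
    return "\n".join(head + [f"From: {from_addr}", "Subject: Your account", "", "..."])

SIGNED = sample("PayPal <service@paypal.com>",
                "mx.example.net; dkim=pass header.d=paypal.com header.s=k1")
UNSIGNED = sample("PayPal <service@paypal.com>")
FORGED_HEADER = sample("eBay <aw-confirm@ebay.com>",
                       "relay.untrusted.example; dkim=pass header.d=ebay.com")
OTHER_SIGNER = sample("PayPal <service@paypal.com>",
                      "mx.example.net; dkim=pass header.d=bulk-sender.example")
```

A real deployment must also strip any inbound Authentication-Results header that already carries the receiver's own id before adding its own, or a sender could forge a pass.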

Phishing

Measures for phishing attacks

May 22nd, 2008

Do not ever reply to any e-mail that asks you for any personal or financial information no matter how official it looks. Banks, credit card companies, brokers, the government and any other legitimate entity will never ask you to click on a link and supply any kind of personal or financial information. If they include a telephone number for you to call, don’t! If you feel that the message is legitimate then look up the actual web site address, or telephone number, from a statement or invoice and use it. Even if the link in the email looks real, it isn’t. It’s easy to make a link look like it goes to one web site but really have it go to another.
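The last point above can be checked mechanically. The following added example (not part of the original post) scans an HTML e-mail body for links whose visible text names one host while the `href` goes to another; the class and function names and the sample HTML, including `examplebank.com`, are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name appearing in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def same_site(shown_host, target_host):
    """Accept the shown host itself or any of its subdomains as the target."""
    if shown_host.startswith("www."):
        shown_host = shown_host[4:]
    return target_host == shown_host or target_host.endswith("." + shown_host)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.text = []        # visible text collected inside it
        self.findings = []    # (visible text, real target host)

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        target = (urlsplit(self.href).hostname or "").lower()
        claimed = HOST_IN_TEXT.search(shown)
        if claimed and target and not same_site(claimed.group(1).lower(), target):
            self.findings.append((shown, target))
        self.href = None

def audit(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed e-mail body: two deceptive links, one honest link, one plain label.
SAMPLE = """<p>Dear customer,
<a href="http://203.0.113.7/login">www.examplebank.com</a>
<a href="https://secure.examplebank.com/help">examplebank.com/help</a>
<a href="https://examplebank.com.account-check.example/">https://examplebank.com</a>
<a href="https://news.example.org/">Read more</a></p>"""
```

Links whose text is a plain label such as "Read more" are not flagged, because they make no claim about their destination.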

Never give any sensitive personal information out to anyone who calls you and asks for it. Simply ask for their name, telephone number and extension and tell them you’ll call them back. Then, check that telephone number against a number that you find on a statement or receipt. If it doesn’t match, call the number that you found and tell someone what’s going on. If it’s a real message they’ll figure it all out for you. If it’s a fraud, they’ll tell you.

If all of this advice comes too late for you because you already fell for the phishing trick hook, line and sinker, then you have to take immediate action for damage control. Immediately contact the actual company, bank or other agency, explain what happened and then let them close your account and issue you a new one. You should also contact the authorities and file a report. This will protect you later if creditors come after you for bills that the thieves ran up in your name.

If you live in the U.S. you can learn more about phishing by visiting the Federal Trade Commission Web site at www.ftc.gov or calling toll-free 877-382-4357. Canadian residents should visit the RECOL (Reporting Economic Crime Online) web site at www.recol.ca. U.K. residents can go to www.met.police.uk/fraudalert/identity_theft.htm for more information.

Computer security is a serious and ongoing issue that requires your constant vigilance. Don’t let your guard down or you could end up being a victim.

Phishing

How to recognise a scam

January 29th, 2008

■ catch you unawares, contacting you, without you asking them to, by phone, email, post or sometimes in person
■ sound pleasant, well spoken and kind (on the phone or at your door) and want you to think they’re your friend
■ have slick, professional leaflets and letters
■ be persistent and persuasive
■ rush you into making a decision
■ ask you to send money before you receive their tempting offer or win.

They offer you something for nothing

■ you’ve won a prize in a draw or a lottery (even though you haven’t entered one)
■ an exclusive entry to a scheme that’s a surefire way to make money
■ a way to earn easy money by helping them get untold millions out of their country
■ the chance to join an investment scheme that will make you huge amounts of money; and so on.

Don’t take any action that could hurt you. Try to ignore them. These kinds of scams can also reach you through emails or websites.

Phishing

Phishers started baiting to target holiday shoppers

December 10th, 2007

Holiday shopping is at its peak, and the phishers have prepared their rods. Many shoppers will be victimized. Holidays are the easiest time for phishers to strike, because online sites are sending millions of legitimate e-mails to consumers, making it even harder than normal to tell the difference between a real e-mail and a fake one. With legitimate e-mails confirming purchases or letting shoppers know that their items have shipped flooding inboxes, it’s easy for criminals to mimic them and trick recipients into offering up personal information. The following tips can be used to avoid phishing attacks.

  • Do not respond to emails asking for any personal or financial information.
  • Legitimate companies will never ask you to verify or provide any confidential information in an unsolicited email
  • Be cautious when clicking on links within a suspicious email.
  • Most phishing emails contain a link that leads to an official-looking web page which requires the recipient to log in or enter some personal information. Though the web page may contain official logos and look exactly the same as the legitimate company’s web site, any information submitted via these spoofed web page(s) will be sent to the perpetrators of the scam.
  • If you have any doubt regarding the authenticity of a web site you have been directed to in an email, we strongly recommend that you open a new browser and type the known URL of the company in the browser yourself, or call the company directly via telephone.
  • Never log in or enter private information in a pop-up window.
  • Be alert for suspicious emails
  • Urgent account notifications that are not addressed to you personally but which require action on your part relating to your account(s).
  • Customer notifications that contain incorrect spelling or poor grammar.
  • Account/billing email notifications from credit card firms or other financial institutions that do not reference the last few digits of your account number, or that contain no specific details pertaining to your account/billing information or activity.
  • Account notifications that are delivered to your Bulk Mail folder.

By following the tips above, one can stay safe from phishing attacks.

Phishing

no silver bullet or single solution to stop or combat spam

November 28th, 2007

There is no silver bullet or single solution to stop or combat spam, phishing and online deception: it takes a combination of innovative technologies, user education, effective and strong enforcement, and collaboration with industry, business, and governments. The Sender ID Framework is an example of a simple yet innovative, cost effective and easy-to-deploy solution, developed in collaboration with organizations throughout the world. SIDF has two parts: a DNS record that identifies SMTP servers authorized to send e-mail, and an authentication mechanism that uses that DNS record to verify that inbound e-mail is from an authorized server. Together with reputation data, SIDF plays an important role in the fight against spam by authenticating the sender and applying reputation data. This enables valid messages that might otherwise be identified as bad to be delivered to the Inbox, and conversely keeps messages that are spoofed and do not pass authentication out of the Inbox. In doing so, SIDF helps protect users from unwanted e-mail, delivers the email that users want, and helps keep company brands protected from bad messages that may hurt their reputation and expose their customers to risk.

Sophisticated spammers recognize that domains that have implemented SIDF are highly resistant to spoofing and phishing attacks and are not worth their time. As adoption of SIDF has increased, we have witnessed spammers moving to softer targets, providing early adopters of SIDF a competitive advantage. Large international banks, online retailers such as eBay and PayPal, and online service providers such as GoDaddy.com and Windows Live Hotmail have all implemented Sender-ID and have benefited from the protection it provides their brand and their customers.
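The two parts of SIDF described above, as an added example that is not Microsoft's implementation: a published record listing authorized servers, and a receiver-side check of the connecting IP against that record for the message's purported responsible address (PRA). The DNS lookup is replaced by a constructed table, the PRA selection is a simplified form of the RFC 4407 header order, and only `ip4`, `ip6` and `all` mechanisms are evaluated; all domains and addresses are constructed.

```python
import email
import ipaddress
from email.utils import parseaddr

# Part 1: the published record. Constructed stand-in for a DNS TXT lookup.
DNS_TXT = {"examplebank.com": "spf2.0/pra ip4:192.0.2.0/28 ip4:198.51.100.25 -all"}

PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")  # simplified order
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def purported_responsible_domain(msg):
    """Domain of the first header that names who is responsible for this hop."""
    for name in PRA_HEADERS:
        addr = parseaddr(msg.get(name, ""))[1]
        if "@" in addr:
            return addr.rpartition("@")[2].lower()
    return None

def check_sender_id(raw_message, client_ip):
    """Part 2: authenticate the connecting server against the PRA domain's record."""
    msg = email.message_from_string(raw_message)
    domain = purported_responsible_domain(msg)
    record = DNS_TXT.get(domain or "")
    if record is None:
        return domain, "none"                  # domain publishes no record
    version, *terms = record.split()
    scopes = version[7:].lower().split(",")
    if not version.lower().startswith("spf2.0/") or "pra" not in scopes:
        return domain, "none"                  # record does not cover the PRA scope
    ip = ipaddress.ip_address(client_ip)
    for term in terms:
        result = QUALIFIERS.get(term[0])
        mechanism = term[1:] if result else term
        result = result or "pass"              # no qualifier means "+"
        if mechanism == "all":
            return domain, result
        kind, _, value = mechanism.partition(":")
        if kind in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return domain, result
    return domain, "neutral"

# Constructed messages: one sent directly, one relayed by a mailing list.
DIRECT = "From: Example Bank <alerts@examplebank.com>\nSubject: Statement\n\n..."
VIA_LIST = ("Sender: owner@lists.example.org\n"
            "From: Example Bank <alerts@examplebank.com>\nSubject: Fwd\n\n...")
```

The `VIA_LIST` case shows why the PRA matters: the list server, not the bank, is responsible for that delivery, so its domain is the one checked.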

Download the full review at Microsoft 

Phishing, spamming

solution for phishing

July 30th, 2007

Today, it is difficult for an Internet user to understand what information they are disclosing, and to whom they are disclosing that information. Many anti-phishing solutions try to improve this situation by making stolen passwords less useful, or by helping users identify legitimate sites.

One method for addressing phishing is by adding multi-factor authentication. Most web sites require only single-factor authentication to log in: an end user types in their user name and password to authenticate. Multi-factor authentication requires an additional factor: a one-time password (OTP) value, a digital certificate (usually through a smart card or USB token), or a biometric identifier. The idea of two factor authentication is to require “something you know” with “something you have.” If an attacker captures a username and password, that will not be sufficient to log in because the attacker doesn’t have the right OTP value or digital certificate. If an attacker steals a user’s OTP value or digital certificate, they will not be able to log in because they don’t know the user’s password.
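A server-side sketch of the password-plus-OTP login described above, as an added example that is not VeriSign's code. It uses the counter-based HOTP algorithm from RFC 4226 as the one-time password and advances the counter after each success, so a captured OTP value cannot be replayed; the `Account` class, the window size and the sample credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

def hotp(secret, counter, digits=6):
    """HOTP value per RFC 4226: the 'something you have' factor."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, password, token_secret):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)      # 'something you know'
        self.token_secret = token_secret         # shared with the user's token
        self.counter = 0                         # next unused token counter

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, otp, window=3):
        """Succeed only when BOTH factors verify; then retire the OTP used."""
        pw_ok = hmac.compare_digest(self._hash(password), self.pw_hash)
        matched = None
        for c in range(self.counter, self.counter + window):
            if hmac.compare_digest(hotp(self.token_secret, c), otp):
                matched = c
                break
        if not (pw_ok and matched is not None):
            return False
        self.counter = matched + 1               # a replayed OTP no longer matches
        return True

def demo():
    # Constructed credentials; the secret is the RFC 4226 test key.
    acct = Account("correct horse", b"12345678901234567890")
    return {
        "stolen_password_only": acct.login("correct horse", "000000"),
        "stolen_otp_only": acct.login("guess", "755224"),
        "both_factors": acct.login("correct horse", "755224"),
        "replayed_otp": acct.login("correct horse", "755224"),
    }
```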

Source: VeriSign

Phishing

who the phishers are?

July 12th, 2007

Do you know who the phishers are? They are the Internet criminals who are always on their toes to seduce the unsuspecting Internet users into posting passwords/userids of important things (e.g., credit card etc.) into phony internet sites and thereby, make them victims of Internet forgery, a criminal act which is on the increase at an alarming rate these days. You may receive emails asking you to earn money just by submitting some of your private/confidential information in a particular site; the whole forgery will be maneuvered with such a professional perfection that, unless you are very alert, you shall never suspect the danger underneath.

Protect against phishing attacks

http://www.security-hacks.com/2007/05/31/10-anti-phishing-firefox-extensions

Phishing

Phishing and Online Fraud Undermine Customer Confidence

July 12th, 2007

Phishing scams and online fraud have created doubt and concern among online shoppers. To regain their trust, site owners need an easy, reliable way to show customers that their transactions are secure and they are who they say they are. Security vendors and Internet browsers have combined forces to establish the Extended Validation Standard for SSL Certificates.

Nowadays phishing standards are at their peak. The most frequent targets are online banking systems and e-stores. It is the user’s responsibility to follow the instructions given by the service providers of such systems in order to transact safely online.

Most users are unaware of such frauds, and once they are targeted they show less confidence in online services.

I think online service providers should alert their customers about these frauds, which will help them avoid any loss.

Phishing

Reporting spam or email phishing

June 25th, 2007

If you receive deceptive spam, including email phishing for your information, forward it to spam@uce.gov. Be sure to include the full Internet header of the email. In many email programs, the full “Internet header” is not automatically included in forwarded email messages, so you may need to take additional measures to include the full information needed to detect deceptive spam.

The above action only reports the message to the authorities; protecting yourself is another issue. You must take measures to keep your system safe from any kind of intrusion.

Phishing

Paypal and phishing mails

June 19th, 2007

PayPal tells its users to expect official PayPal emails to contain their names in the body of the email. Phishing emails that include a person’s correct name that corresponds to their email address could fool the recipients into believing the email is actually from PayPal. Phishing emails are sent to trick people into revealing financial information and/or account passwords. AuctionBytes began reporting on hoax emails targeting PayPal in June of 2002 (http://auctionbytes.com/cab/abn/y02/m06/i27/s03). Since then, phishing attacks have become a serious problem for PayPal and eBay members as the emails get more sophisticated and attackers prey on unsuspecting users.

Phishing

DIY phishing kits available online

June 17th, 2007

It has been discovered that do-it-yourself phishing kits are being made available for download free of charge from the internet.

Anyone surfing the web can now get their hands on these kits, launch their own phishing attack and potentially defraud computer users of the contents of their bank accounts.

These DIY kits contain all the graphics, web code and text required to construct bogus websites designed to have the same look-and-feel as legitimate online banking sites. They also include spamming software which enables potential fraudsters to send out hundreds of thousands of phishing emails as bait for potential victims.

The researchers believe that hundreds of thousands of phishing emails are sent across the internet every day, each designed to defraud money from innocent computer users, and the problem is growing. With phishing kits now becoming freely available over the net, Sophos predicts this worrying trend is set to continue.

“Until now, phishing attacks have been largely the work of organised criminal gangs, however, the emergence of these ‘build your own phish’ kits mean that any old Tom, Dick or Harry can now mimic bona fide banking websites and convince customers to disclose sensitive information such as passwords, PIN numbers and account details,” said Graham Cluley, senior technology consultant. “There is plenty of profit to be made from phishing. By putting the necessary tools in the hands of amateurs, it’s likely that the number of attacks will continue to rise.”

The experts are urging computer users to be wary of any emails asking them to reconfirm sensitive financial information, and advise that anti-spam software at the email gateway can prevent these unsolicited email messages from even reaching inboxes.

“Recipients of suspicious emails claiming to come from online banks should just delete them and should certainly not click on the links contained within the messages,” continued Cluley. “Web hosts and ISPs can also play their part in the fight against phishers by closing down websites if they find these kits posted on their servers.”

Phishing