Security Information |
|
Phishing, Fraudulent, and Malicious Websites
Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living. The Internet, in particular, means for us boundless opportunities in life and business - but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us. Warning: There are Websites You'd Better Not Visit Phishing websites Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information. At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students. Keyloggers and Trojans Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information. It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively. Fraudulent websites are on the rise Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated. A Hybrid Scam In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website. Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details. This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV). As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order. Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products. Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code. Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers. When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data. Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) - so the information is captured even if the user doesn't type anything, just opens the views the file. In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly. What a user can do to avoid these sites? As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank. Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse. As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive. As for malicious websites? "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from the Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk. Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more. Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company. The company's R&D department created an innovative technology, which disables the very processes of information capturing -- keylogging, screenshoting, etc. It makes the company's anti-keylogging software truly unique: it doesn't detect keyloggers or information-stealing Trojans one by one -- they all simply can't work. Learn more -- visit the company's websitehttp://www.anti-keyloggers.com
MORE RESOURCES:
'Blow the whistle': Indiana's top election official spends $35k on security guide mailings • Indiana Capital Chronicle Indiana Capital Chronicle Violence in New Caledonia subsides slightly as France sends reinforcements for security The Associated Press Canada security intelligence chief warns China can use TikTok to spy on users, CBC reports Reuters Canada House Passes Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations Israel Resists Grand Bargain as U.S. and Saudis Work on Security Pact The New York Times U.S.-Ukraine Security Entanglement Risks Forever War The American Conservative Sean 'Diddy' Combs Allegedly Paid $50K to Obtain Hotel Security Footage of Cassie Assault: Lawsuit PEOPLE Women are worried about their financial security. That may affect the 2024 presidential election CNBC Palo Alto Networks and IBM to Jointly Provide AI-powered Security Offerings; IBM to Deliver Security Consulting ... IBM Newsroom Now armed with AI, America's adversaries will try to influence election, security officials warn The Associated Press Security video appears to show Sean 'Diddy' Combs beating singer Cassie in hotel hallway in 2016 Washington Times Nuclear security through the eyes of the Co-Presidents of ICONS 2024 International Atomic Energy Agency Security Council Secretary: ‘Not an Inch of Armenian Land Ceded to Azerbaijan’ Armenian News by MassisPost Appropriators Lead Israel Security Assistance Support Act | House Committee on Appropriations - Republicans House Appropriations TikTok is a threat to Canadians' data security, CSIS chief warns Bennington Banner IBM Selling Cloud Security Software to Palo Alto Networks in Broader Cyber Strategy Shift The Wall Street Journal Security footage calls into question Anchorage police account of fatal shooting Alaska Public Media News Identity Management and Information Security News for the Week of May 17; Exabeam, Saviynt, VAST Data, and More Solutions Review Canada Releases Defense Policy Update to Boost Security Department of Defense NATO and Economic Security: A Political Oxymoron or Inevitability? CSIS | Center for Strategic and International Studies New Survey Finds a Paradox of Confidence in Software Supply Chain Security Security Boulevard EXCLUSIVE: Two students uncover security bug that could let millions do their laundry for free TechCrunch Amazon security guard tries to kill unsuspecting boss before he's shot dead in gunfight with police: 'He almost executed me' New York Post FCC proposes BGP security measures Network World Endpoint Security and Network Monitoring News for the Week of May 17; Alkira, Preamble, c/side, and More Solutions Review Diddy Seen Physically Assaulting Cassie in Never-Before-Seen 2016 Hotel Security Footage Entertainment Tonight Putin has ditched his paranoid security chief. Here are 5 of the wackiest things Nikolai Patrushev has said. POLITICO Europe RSA Conference 2024: AI and the Future Of Security Security Boulevard Fox News Poll: Abortion, economy, and border security are top deal-breakers in 2024 elections Fox News See cops working security at Tacoma grocery stores? Here’s why and what policies allow Tacoma News Tribune OWASP dep-scan: Open-source security and risk audit tool Help Net Security Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. - The Washington Post Opinion | Is TikTok Chinese ownership a U.S. national security issue? Come on. The Washington Post UN sexual violence envoy pulls out of Security Council briefing on Hamas hostages The Times of Israel 7 months since Oct 7, UN Security Council holds first meeting entirely dedicated to Israeli hostages in Gaza All Israel News PKI-Based Passkeys Lead The Way For A Passwordless Future Security Boulevard Multnomah County Signs $40 Million Contract for Armed and Unarmed Security at County Facilities, Including Public ... Willamette Week An inspector general warned the Justice Department of gaps in its security clearance appeals process Government Executive Enabling Continuous Zero Trust in Multi-Cloud Environments with Netography Fusion Security Boulevard May 17: IDF fighter jet carries out rare strike on target in West Bank city of Jenin The Times of Israel Votiro Keeps Up the Momentum in 2024 Security Boulevard A Free, Prosperous, and Secure Future for Ukraine - United States Department of State Department of State The Best Home Security Systems of 2024 Security.org The situation concerning Iraq - Security Council, 9628th meeting Welcome to the United Nations JLOTS, an obscure Army-Navy capability, arrives in Gaza NavyTimes.com Brothers Indicted for Stealing $25 Million of Ethereum in 12 Seconds Security Boulevard Cybersecurity Insights with Contrast CISO David Lindner | 5/17/24 Security Boulevard The Dell API Breach: It could have been prevented Security Boulevard 'Abnormal' security video, Google Drive led to Stephan Sterns' arrest in Madeline Soto case, documents show WKMG News 6 & ClickOrlando America's Envoy to the United Nations Gets 'Honest' With Security Council About the Fate of Hamas's Hostages The New York Sun Making Safety and Security Intrinsic to School Design Campus Security Today Response to CISA Advisory (AA24-131A): #StopRansomware: Black Basta Security Boulevard USENIX Security ’23 – AEX-Notify: Thwarting Precise Single-Stepping Attacks Through Interrupt Aware... Security Boulevard U.S. Security Cooperation with Ukraine - United States Department of State Department of State Belgium cuts off ticket sales for soccer match against Israel over ‘security concerns’ The Times of Israel Security fog machine helps deter burglars from Chatsworth business FOX 11 Los Angeles French security forces impose 'calmer' situation in New Caledonia under emergency powers FRANCE 24 English In first, UN Security Council holds meeting solely focused on hostages held by Hamas The Times of Israel Donald Trump to visit St. Paul. What are the security expenses? St. Paul Pioneer Press |
RELATED ARTICLES
Watch Out For That Scam The IFCC (Internet Fraud Complaint Center) received over 200,000 complaint submissions for 2004, an increase of 66.6% from 2003. New Mass Mailing Spamming Internet Trojan for the Windows Platform May. 16th 2005 - MicroWorld has reported the discovery of Troj/Sober-Q, which is a mass mailing spamming internet Trojan for the Windows platform. Is Spyware Watching You? Imagine my surprise when I received a phone call from afriend who told me he'd been the victim of a "spyware"attack that left him shaking at his loss of privacy.I listened to his horror story with a sympathetic ear, butI felt secure since I carry anti-virus software and afirewall (both by Norton). Types Of Computer Infections Computer infections can be broken up into 4 main categories which are explained in detail below:VirusesComputer Viruses are small pieces of software that attach themselves to real programs. An example would be a virus that attaches itself onto windows explorer. Detect Spyware Online You can detect spyware online using free spyware cleaners and by installing spyware protection software on your computer. Often it's best to start with free spyware cleaners because these free programs will remove any spyware programs currently running on your computer. Its Time to Sing the Encryption Song - Again! Yes, I'm wearing my encryption hat again. Why you may ask? Well I just finished reading about the newest security hole in Microsoft's latest server product. 7 Ways to Spot a PayPal Scam E-Mail Paypal is a great site and is used by many to send and receive money. Unfortunately some dishonest people are using the Popularity of Paypal to line their own pockets with gold at the expense of unsuspecting Pay Pal members. An Open Letter From a So-called Stupid Someone recently told me, "You would have to be a stupid to lose your personal information." While I respectfully responded to this person in the moment, the comment has stuck with me. Are They Watching You Online? When surfing the Internet you probably take your anonymityfor granted, most of us do.Tapping phones, listening to confidential conversations,reading others' e-mail messages seems like something thatonly happens in spy movies to "other" people. Phishing: An Interesting Twist On A Common Scam After Two Security Assessments I Must Be Secure, Right?---------------------------------------Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests. An Open Door To Your Home Wireless Internet Network Security? This is not some new fangled techno-speak, it is a real tool to be used for the protection of your wireless internet network and LAN. African American SMBs have to realize that if your Internet connection is on 24/7 then your network, and it is a network that your computer is connected to, is at risk. Clown Internet Scam - An Internet Scam is Currently Targeting Clowns and Other Entertainers I am the victim of an internet scam. It is very hard to write that sentence, but it's necessary in order to warn my fellow clowns, magicians and other entertainers, and to prevent them from being taken for $2,800. Phishing - A High Tech Identity Theft With A Low Tech Solution Have you ever got an email asking you to confirm your account information from a bank or a company that you have never done business with? The email looks official and it even has a link that appears to take you to the company's website. The email you have received is actually from an identity thief. If You Steal It, They May Come! Business on the internet is getting down right shameless. This week, my email box was literally filled with hype, overly inflated promises, phish mail, scams, ezines I did not order, and about 14 viagra gimmicks. Its War I Tell You! There are ways to insure security though. You can get the Windows Update CD from Microsoft and install that before you get online, You can also get most Antivirus Definitions downloaded and save them to disk, then install those before you go online, (of course you have to be using that Product in the first place), and you can get Anti-Spyware on a disk and do the same. Online Cell Phone Scams and Spam They're out there. Individuals trying to make a quick buck at your expense. Firewall Protection - Does Your Firewall Do This? The first thing people think about when defending their computers and networks is an up-to-date antivirus program. Without this most basic protection, your computer will get a virus, which could just slow it down or potentially bring the pc to a complete standstill!So anti-virus software is the answer?An anti-virus solution on it's own is not the answer to all of your problems, it can only protect you so much; in fact test have shown that a new pc running Windows XP if left connected to the Internet unprotected will be infected with viruses and remotely controlled via unauthorised persons within 20 minutes! To protect you against hackers and often to prevent spyware and 'scumware' from communicating directly with their servers about information it may have picked up from your pc, a firewall should form the key part of your e-security solution. Just Whos Computer is this Anyway? Well, this is an article I never thought I would have to write. Computer ownership was just not something I thought people would get confused over but, after overhearing a number of conversations last week from my co-workers, I realized that quite a few people just don't know how cut and dry this topic is. How To Avoid Hackers From Destroying Your Site? Recently, my site and other internet accounts ( http://www.nabaza. The Saga of the Annoying Adware When we think of adware, what comes to mind are those annoying and pesky ads that pop up out of nowhere whenever we are surfing the net. Anybody who has surfed through the net has encountered those irritating pop-up adwares advertising everything from computer software down to Viagra. |
home | site map |
© 2006 |