and there's more… ”
http://www.ajr.org/News_Wire_Services.asp?MediaType=13
Last week, the Anti-Phishing Working Group, an online fraud watchdog, reported that the number of phishing e-mails it tracked between January and February grew by only 2 percent.
That figure seems to mark a significant lessening of the threat, given that the average growth rate has been 26 percent per month since July 2004. But during the January-February period, phishing attacks also became dramatically more complex, experts said.
Whatever form they take, phishing fraud schemes--including offshoots such as pharming, cross-site scripting and DNS poisoning--are getting smarter.
"Phishers are thieves, and thieves in the online world, as in the real world, are working very hard to separate personal financial information and other data from their victims," Microsoft attorney Aaron Kornblum said.…
"People will continue to think up news ways to apply phishing techniques and deceive consumers," he said. "The sophistication is growing, and it's not that surprising at all."
New crooks, more-effective tricks
The first wave of phishing attacks played on the ignorance of unsuspecting consumers, spamming their in-boxes with e-mails that looked like they linked to Web sites belonging to banks, investment companies and e-commerce businesses such as eBay. In reality, they were fake pages designed to lure people into divulging account login data, or other sensitive personal information that could enable the crooks to commit identity fraud.
Recent attacks have gotten more sophisticated, with advances in phishing schemes that use e-mail and the creation of fraudulent Web pages that appear almost identical to their legitimate counterparts.
And new threats have arisen: Attacks based on instant messaging; ploys that use JavaScript technology to hide threats on legitimate Web pages; and new social-engineering strategies.
One of the most telling examples of improved social-engineering techniques is a recent attack that didn't seek to nab victims' names, addresses or Social Security numbers.
Instead, the scheme targeted customers of Salesforce.com, with the aim of stealing information stored on the company's databases.…
Attacks designed to hit specific groups of people who hold valuable information will likely increase, said Jayne Hitchcock, a cybercrime specialist who advises law enforcement agencies and company executives about online fraud and author of the book "Net Crimes & Misdemeanors: Outmaneuvering the Spammers, Swindlers and Stalkers Who Are Targeting You Online."
"Sending a phishing e-mail out to everyone on the Web has had some effect, but not the kind of impact you imagine that some of these more custom-made attacks might have," Hitchcock said. "When you know that a certain group behaves a certain way, or is accustomed to getting information from a known source over e-mail, there's a greater opportunity to play on people's habits and get them to hand over the goods."
Schemes that use instant-messaging services rather than e-mail to distribute fake links are another new way of phishing, Hitchcock said. She pointed to an attack launched via Yahoo Messenger last month as an example. The messages often appear to be sent to IM users from someone on their contact list.…
"The message is coming to them from someone on their buddy list," Hitchcock said. "That's a different level of threat than an e-mail sent from someone you don't communicate with on that medium, and it presents a much greater risk as well. Our research tells us that teens are fast and loose on the Internet and will share information more readily than most adults, so their information could get out via something like IM phishing and ruin their credit before they even get started in life."
Another twist on the old formula keeps the tried-and-true e-mail messages but hides a spoofed URL in a legitimate Web site address.…
Pushing the tech envelope
Online criminals have also begun adopting more-advanced technology. These more-sophisticated phishing methods range from the relatively simple (such as using unprotected URLs maintained by real businesses to redirect users to phishing sites) to the extreme (such as using JavaScript code to add content on top of legitimate pages, a practice known as cross-site scripting).
In… "pharming," online thieves try to redirect people from legitimate sites to malicious ones using "DNS poisoning." The scammers target the servers that act as the white pages of the Internet--a key part of cyberspace that's known as the domain name system, or DNS--and replace the numeric addresses of legitimate Web sites with the addresses of their malicious sites.
There is evidence that when a new form of phishing is reported, another variation on the theme appears, as criminals try to stay one step ahead of the law. Shortly after cross-site scripting began to garner media coverage, researchers at Internet security company Netcraft saw fraudsters loading their content into the internal frame rendering on Web pages, which would allow attackers to victimize people who had turned off JavaScript applications to protect themselves.
This rapid adjustment is proof that more professional criminals and technologists have turned their attention to phishing, according to Paul Mutton, Internet services developer at Netcraft.… ”
Ever wonder what all of those mysteriously-named Windows 'processes' are doing, and how they got loaded on your computer in the first place? Use the helpful ProcessLibrary.com to find out. This article explores more. (Search Types: Computers)
Looking for Links In All The Wrong Places?
SearchDay, March 29, 2005
In their frenzy to build links to curry favor with the major search engines, web site owners miss a far more important audience that's increasingly turning to topical search sites. (Link Building)
Writing for Search Engines
SearchDay, March 23, 2005
Success in search engines almost always means striking a delicate balance between applying search optimization techniques to web pages and creating high-quality, meaningful content. Effective writing for search engines is the key to achieving this balance. (SEO SEO: Meta Tags SEO: Site Design)…
http://searchenginewatch.com/sereport/article.php/3495881
Posts
All Comments
