PHISHING:

Internet Users Taking Pishing Bait, IU Sudy

Submitted by Technology News... on Sun, 2006-10-15 17:08.

A higher-than-expected percentage of Internet users are likely to fall victim to scam artists masquerading as trusted service providers, report researchers at the Indiana University School of Informatics.

"Designing Ethical Phishing Experiments: A Study of eBay Query Features" simulated "phishing" tactics used to elicit online information from eBay customers. The online auction giant was selected because of its popularity among millions of users -- and because it is one of the most popular targets of phishing scams.

Phishers send e-mail to Internet users, spoofing legitimate and well-known enterprises such as eBay, financial institutions and even government agencies in an attempt to dupe people into surrendering private information. Users are asked to click on a link where they are taken to a site appearing to be legitimate. Once there, they are asked to correct or update personal information such as bank, credit card and Social Security accounts numbers (Meer>>).

De laatste nieuwe Phishing Scam, zo werken ze dus nu:

AT&T Hackers Devised Elaborate Scam To Dupe Customers.

It wasn't enough for hackers who hit AT&T's DSL equipment sales Web site to simply make off with some customer information; they've been using those stolen names, e-mail addresses, and credit card numbers to launch especially convincing phishing attacks against those victims. The phishing site set up by the hackers incorporates this stolen customer data in an effort to convince AT&T customers to divulge additional sensitive information, including Social Security numbers.

AT&T says it has already alerted the nearly 19,000 customers whose information was compromised about the phishing scam and directed them to an AT&T Yahoo help page. This page notes that AT&T customers are being targeted by a new phishing scam from the http://sbcdslstore.org/veri.php Web site. The actual address for AT&T's DSL equipment site is sbcdslstore.com (not .org). A visit to the AT&T site on Friday revealed a message stating, "We apologize for the inconvenience, but our website is experiencing difficulties at this time." Meer>>

Nieuwe Phishing Technieken. Hierbij een artikel overgenomen uit INFOWORLD. (Binnenkort hierover meer in begrijpelijk Nederlands).

The recent super-sophisticated phishing attack against online payment service PayPal was yet more proof that the inability of anti-virus and firewall tools to stop new threats is the worst-kept secret in computer security.

The attack exploited a cross-site scripting flaw, allowing unknown fraudsters to inject a phony warning message and malicious phishing Web site link into a page served by a PayPal secure server.

The attacks have anti-virus stalwarts scrambling to plug the holes in their security armor. Last week, McAfee launched a beta program for Falcon, a new “total protection” suite with SiteAdvisor software to sniff out malicious Web sites. Symantec is also getting into the game, announcing a new transaction security software package this week called Norton Confidential. Meer>>

In een artikel in o.a. New Scientist werden wij geattendeerd op een andere nieuwe vorm van phishing.

AS IF "phishing" emails weren't already hard enough to spot, imagine hackers being able to discover which websites you visit and using this information to personalise their bogus messages. They could then send you a phishing message purporting to be from your own bank, asking you to hand over sensitive information.

This is possible, Markus Jakobsson and colleagues at Indiana University in Bloomington have discovered, because of a flaw in the way websites talk to browsers. They are urging banks and other e-commerce firms to make changes to their sites to make such snooping more difficult. Meer>>