Phishing: Personal data theft.

Phishing involves sending email messages that seem to come from trustworthy sources, such as banking entities, but attempt to harvest confidential user data. To do so, they usually include a link that, if followed, takes the user to a fake website. Believing they are interacting with a trustworthy website, users enter the requested information, which ends up in the hands of the fraudster.

A huge range of software is classified as personal or financial information theft. Some of it is quite complex, such as floating a JavaScript window over the address bar of the web browser with the aim of confusing users.

Some of the most common characteristics that these forged email messages present are:

  • Use of the names of existing companies. Instead of creating a company's website from scratch, fraudsters imitate the corporate image and website functionality of an existing company in order to further confuse recipients of the forged message.
  • Use of the name of a real company employee as the sender of the spoofed message. By doing so, if recipients attempt to confirm the authenticity of the message by calling the company, they will be assured that the person who acts as spokesman of the company does actually work for the company.
  • Web addresses that seem to be correct. Forged emails usually take users to websites that imitate the appearance of the company used as bait to harvest the information. In fact, both the contents and the web address (URL) are spoofed and simply imitate legitimate contents. What's more, legal information and other non-critical links could redirect trusting users to the real website.
  • Fear factor. The window of opportunity open to fraudsters is very short, as once the company is informed that its clients are targets of these techniques, the server that hosts the fake website and harvests the stolen information is shut down within a few days. Therefore, it is essential for fraudsters to obtain an immediate response from users. On most occasions, the best strategy is to threaten them with either financial loss or loss of the account itself if the instructions outlined in the forged email are not followed, which usually refer to new security measures recommended by the company.
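The "web addresses that seem to be correct" trait above can be checked mechanically: a link whose visible text shows one host while its href points at another, a raw IP address, or a `user@host` form that hides the real host is a strong phishing indicator. The following Python is an added example for this page, not Panda's code; the email body and the domain `examplebank.com` are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample: a phishing-style HTML body whose visible link text
# shows the bank's real address while the href points elsewhere.
SAMPLE_EMAIL = """
<p>Dear customer, due to new security measures your account will be
suspended unless you confirm your details within 24 hours.</p>
<a href="http://192.0.2.10/login">https://www.examplebank.com/login</a>
<a href="http://www.examplebank.com@evil.example/">Secure login</a>
<a href="https://www.examplebank.com/privacy">Privacy policy</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html):
    """Return (href, reasons) for links whose target differs from what the reader sees."""
    p = LinkCollector()
    p.feed(html)
    findings = []
    for href, text in p.links:
        parts = urlparse(href)
        host = parts.hostname or ""
        reasons = []
        if "@" in parts.netloc:            # http://bank.example@evil.example form
            reasons.append("userinfo hides real host")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            reasons.append("raw IP address as host")
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        if shown and "." in shown and shown != host:
            reasons.append(f"text shows {shown} but link goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Legitimate links such as the privacy-policy one are left alone, matching the text's observation that non-critical links in a forged message often point at the real site.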

In addition to obscuring the fraudulent URL in an apparently legitimate email message, this kind of malware also uses other more sophisticated techniques:

  • Man-in-the-middle. In this technique, the fraudster sits between the victim and the real website, acting as a proxy server, and can therefore eavesdrop on all communication between them. To succeed, fraudsters must be able to redirect victims to their own proxy instead of to the real server. There are several methods, such as transparent proxies, DNS cache poisoning and URL obfuscation, among others.
  • Exploitation of Cross-Site Scripting vulnerabilities in a website, which allow a secure banking web page to be simulated without users detecting any anomaly in either the web address or the security certificate displayed in the web browser.
  • Vulnerabilities in Internet Explorer, which by means of an exploit allow the web address that appears in the browser address bar to be spoofed. By doing so, while the web browser could be redirected to a fraudulent website, the address bar would display the trustworthy website URL. This technique also allows false pop-up windows to be opened when accessing legitimate websites.
  • Some attacks also use exploits hosted in malicious websites, which exploit vulnerabilities in Internet Explorer or the client operating system in order to download keylogger type Trojans, which will steal confidential user information.
  • Pharming is a much more sophisticated technique. It consists of modifying the contents of the DNS (Domain Name Server), either via the TCP/IP protocol settings or the lmhosts file, which acts as a local cache of server names, in order to redirect web browsers to forged websites instead of the legitimate ones when the user attempts to access them. Furthermore, if the victim uses a proxy in order to remain anonymous while surfing the web, its DNS name resolution could also be affected, so that all the proxy's users are redirected to the false server.
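Because pharming works by poisoning the local name cache rather than the email, a defender audits that file directly: any entry that pins a sensitive domain to a non-loopback address is a redirection the user never asked for. This Python is an added example, not part of the original page; the file contents, the address 192.0.2.55 and the watch list `examplebank.com` are constructed.

```python
import ipaddress

# Constructed hosts-style file content; a real audit would read the
# system's own file (e.g. /etc/hosts or the Windows drivers\etc\hosts).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.55      www.examplebank.com   # injected by a pharming attack
192.0.2.55      online.examplebank.com
10.0.0.20       intranet.local
"""

# Domains the organisation considers sensitive (assumed watch list).
WATCHED_SUFFIXES = ("examplebank.com",)

def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()

def pharming_entries(text, watched=WATCHED_SUFFIXES):
    """Return (hostname, ip) for watched domains pinned to a non-loopback address."""
    hits = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line, cannot redirect anything
        if addr.is_loopback:
            continue  # 127.0.0.1 / ::1 entries are the file's normal content
        if any(name == s or name.endswith("." + s) for s in watched):
            hits.append((name, ip))
    return hits
```

The same check, run from a script at logon, gives a cheap detection of the local-cache variant of pharming; the DNS-server variant the text also mentions needs resolver monitoring instead.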

© Panda 2007