Phishing involves sending email messages that seem to come from trustworthy sources, such as banking entities, but attempt to harvest confidential user data. To do so, they usually include a link that, if accessed, takes the user to a fake website. Users believe they are interacting with a trustworthy website and enter the information requested, which ends up in the hands of the fraudster.
There is a huge range of software and programs classified as personal or financial information theft. Some of them are quite complex, such as the use of a JavaScript window floating over the address bar of the web browser with the aim of confusing users.

Some of the most common characteristics that these forged email messages present are:
- Use of the names of existing companies. Instead of creating a company's website from scratch, fraudsters imitate the corporate image and website functionality of an existing company in order to further confuse recipients of the forged message.
- Use of the name of a real company employee as the sender of the spoofed message. By doing so, if recipients attempt to confirm the authenticity of the message by calling the company, they will be assured that the person that acts as spokesman of the company does actually work for the company.
- Web addresses that seem to be correct. Forged emails usually take users to websites that imitate the appearance of the company used as bait to harvest the information. In fact, both the contents and the web address (URL) are spoofed and simply imitate legitimate contents. What's more, legal information and other non-critical links could redirect trusting users to the real website.
- Fear factor. The window of opportunity open to fraudsters is very short, as once the company is informed that its clients are targets of these techniques, the server that hosts the fake website and harvests the stolen information is shut down within a few days. Therefore, it is essential for fraudsters to obtain an immediate response from users. On most occasions, the best strategy is to threaten them with either financial loss or loss of the account itself if the instructions outlined in the forged email are not followed, which usually refer to new security measures recommended by the company.
In addition to obscuring the fraudulent URL in an apparently legitimate email message, this kind of malware also uses other, more sophisticated techniques:
- Man-in-the-middle. In this technique, the fraudster is located between the victim and the real website, acting as a proxy server. By doing so, he can listen to all communication between them. In order to be successful, fraudsters must be able to redirect victims to their own proxy, instead of to the real server. There are several methods, such as transparent proxies, DNS Cache Poisoning and URL obfuscation, among others.
- Exploitation of Cross-Site Scripting vulnerabilities in a website, which allow a secure banking web page to be simulated without users detecting any anomalies, either in the web address or in the security certificate displayed in the web browser.
- Vulnerabilities in Internet Explorer, which by means of an exploit allow the web address that appears in the browser address bar to be spoofed. By doing so, while the web browser could be redirected to a fraudulent website, the address bar would display the trustworthy website URL. This technique also allows false pop-up windows to be opened when accessing legitimate websites.
- Some attacks also use exploits hosted on malicious websites, which exploit vulnerabilities in Internet Explorer or the client operating system in order to download keylogger-type Trojans, which will steal confidential user information.
- Pharming is a much more sophisticated technique. It consists of modifying the contents of the DNS (Domain Name Server), either via the TCP/IP protocol settings or the lmhosts file, which acts as a local cache of server names, in order to redirect web browsers to forged websites instead of the legitimate ones when the user attempts to access them. Furthermore, if the victim uses a proxy in order to remain anonymous while surfing the web, its DNS name resolution could also be affected, so that all the proxy users are redirected to the false server.