Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, December 30, 2005

Phishers Stay One Step Ahead

Fraudsters stayed a step ahead of gullible Internet users in 2005 by fine-tuning their tactics and turning to more sophisticated strategies, a U.K.-based Web monitoring firm said in December 2005.  Open redirects were one of favorite tactics of phishers in 2005, said Web tracking and anti-phishing company Netcraft, and a good example of fraudsters’ increasing proficiency.  Redirects, essentially scripts on the Web server, are used by legitimate domains to redirect users to other parts of a large site from, for instance, the home page.  Phishers can sometimes exploit these scripts to send users to a fraudulent site when users click on a link in a real site.  Netcraft pointed to several examples of redirection attacks in 2005, including one that used an incorrectly configured government site to fool users into giving up Social Security and credit card numbers.

Other phishing trends Netcraft spotted during 2005 included the appearance of pharming attacks and fraudulent e-mails that included HTML-based forms, a tactic that eliminated the need to craft elaborate Web sites to trick users.

Also in 2005, phishing attacks—which are spawned by massive amounts of spam—began using the spammer technique of replacing text with image-based e-mails to avoid detection by keyword-sniffing spam and phishing filters.

http://www.securitypipeline.com/news/175800281

Posted on 12/30
TrendsPermalink