GONE PHISHING


By Lynn Greiner


16 SECURITY MATTERS • JULY/AUGUST 2010


It is hard to believe, but nine of every 10 e-mail messages are spam of some description. No wonder paranoia has become a way of life for most of us using a computer these days. However, for those remaining trusting souls, there have often been unhappy consequences due to the increasing frequency and sophistication of phishing and other e-mail-based attacks.


Phishing, the sending of credible-sounding requests for personal information, such as user names, passwords, banking information or other data used in identity theft, is on the rise. Whether it’s allegedly from your bank, your ISP or a social networking site, any e-mail asking for login credentials (or asking users to click on an included link to enter said credentials) or any other personal information should be viewed with suspicion.


“You have to be vigilant about the content of e-mails that get through [your e-mail spam filter],” says Matt Sergeant, senior anti-spam technologist for Symantec. “You have to rely on end-user education. No bank would ask for information by e-mail; your login ID and password are private to you. And never, especially for anything involving banking or your e-mail account, never rely on clicking a link in an e-mail.”


David Emm, senior regional researcher with the Kaspersky Lab Global Research & Analysis Team, agrees. “We know only too well from the history of the past 20 years that social engineering is successful,” he says. “Its persistence as a strategy can be explained by the fact that there’s always some new hook.”


In May 2010, Kaspersky saw PayPal, eBay, HSBC and Facebook remain the most popular targets for phishers. A typical attack hit Bank of America (number nine of the top 10), whose customers were asked to click a link in an e-mail and enter their login credentials to supposedly validate their accounts after a security update. The link, of course, allowed the phisher to capture the customer’s credentials, giving full access to the account.


Scammers rely on trickery to convince users to give away their credentials on the web as well. For example, a new technique known as tabnapping makes use of the fact that many users keep multiple tabs open in their browsers, and assume that the contents of open tabs remain the same. Tabnappers sneakily change the content of an open tab to make it look as though a session with Facebook or a banking site has timed out, and ask the user to log in again. When the user, who doesn’t realize that the tab in question was originally connected to a completely different site, dutifully enters his or her credentials, the tabnapper grabs them and the user’s identity (or bank account) is compromised.


In phishing attacks, spammers leverage everything from web pages to social networks in their efforts to con victims. “These guys constantly research browser vulnerabilities,” Sergeant says. “They don’t get patched fast enough.
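

One way a browser extension could flag the tab switch described above as tabnapping, shown as an added example that is not from the article: it compares a snapshot taken when the tab goes to the background with one taken when the user returns. The snapshot fields, verdict names and sample pages are assumptions constructed for illustration.

```javascript
// Added example: heuristic check for the tab switch the article calls tabnapping.
// A content script would take these snapshots on "visibilitychange"
// (hypothetical wiring, not shown); here they are plain constructed objects.

// 32-bit FNV-1a: a cheap, non-cryptographic fingerprint of the visible text.
function fingerprint(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Reduce a page to the fields the check compares (field names are assumptions).
function snapshot(page) {
  const { origin, title, favicon, passwordFields } = page;
  return { origin, title, favicon, passwordFields, textHash: fingerprint(page.text) };
}

// Compare the snapshot taken when the tab was hidden with the one taken on return.
function assessReturn(hidden, visible) {
  const changed = ["origin", "title", "favicon", "textHash"]
    .filter((k) => hidden[k] !== visible[k]);
  const newLogin = hidden.passwordFields === 0 && visible.passwordFields > 0;
  let verdict = "ok"; // content may legitimately refresh in the background
  if (newLogin) {
    // A login form that appears together with new branding or a new origin
    // matches the tabnapping pattern; a same-site timeout only gets "review".
    const rebranded = changed.includes("favicon") || changed.includes("origin");
    verdict = rebranded ? "warn" : "review";
  }
  return { changed, newLogin, verdict };
}

// Constructed sample pages (example domains, not real sites).
const base = { origin: "https://news.example", title: "Daily headlines",
  favicon: "https://news.example/favicon.ico", text: "Top stories", passwordFields: 0 };
const napped = { ...base, title: "Session timed out", text: "Please log in again",
  favicon: "https://news.example/img/bank.ico", passwordFields: 1 };
const refreshed = { ...base, text: "Top stories, updated" };
const timedOut = { ...base, title: "Signed out", text: "Log in", passwordFields: 1 };

for (const after of [napped, refreshed, timedOut]) {
  console.log(after.title, assessReturn(snapshot(base), snapshot(after)).verdict);
}
```

The "review" verdict covers a genuine same-site session timeout, which also shows a login form after time in the background; whatever the verdict, the address bar remains the check the user should make before typing credentials.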

