"Phishing" Attacks to Increase
neutron_p writes "The number of people who succumb to identity thieves' "phishing" e-mails could go way up if immediate action isn't taken to preempt the next generation of attacks, according to an Indiana University School of Informatics researcher. "Phishing" e-mails appear to be sent by legitimate businesses, but are actually created and distributed by villains who are after your personal information. They describe some thieves' tricks. One kind of context-aware attack tricks eBay bidders into giving out identifying information by leading bidders to believe they've won an auction. In another kind of context-aware attack, a potential victim might receive a message from a known person -- for example, a friend or loved one -- asking him or her to go to a Web site to update banking information."
Wasn't there a recent article about Google doing something about this here: http://it.slashdot.org/article.pl?sid=04/10/18/0236201&tid=111&tid=217&tid=95&tid=1
As I understand it, Yahoo's signing technology, which hopefully will become a standard, will help stop such attacks. Google signing on to it helps push it quite a bit.
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
In related news, Google has recently updated Gmail with an automatic detection of phishing attempts / spoofed emails; suspicious emails will be displayed with a warning:
"Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information. Learn more"
Like spam detection, it's not perfect, of course, but I think it's a very good idea.
quidquid latine dictum sit altum videtur.
You can read more about efforts to combat phishing here. Lots of purty charts and plenty of specific examples.
#!
I got a phishing e-mail (should it be called 'bate'?) a week or so ago, but there were two key things that let me know it was a scam (aside from general common sense):
1) I don't have an account at the bank listed (Citibank, in this case.)
2) The e-mail itself was a giant GIF. (It did have the 'fail-to-get-around-spamblocker' words in text at the bottom, though.)
Instead of getting rid of phishing scams, we should get rid of low-common sense/stupid people on the net. Then we wouldn't have this problem. Or many others.
A leader is only a leader when he has followers.
It's "Phishing", and the general idea behind it is to send someone an email saying something like "We, Citibank, need you to update your banking information due to a database crash." They then send you to a site that LOOKS legit, and you then enter your information or even just your username / password. The phishers then have your account information, and they are free to do whatever they please with it. As has been said, it's only because uneducated grandmas and fools actually do what the emails say that the Phishers keep sending their crap. - Yolego
Americans lose $500 mln yearly to phishing.
That's a large enough amount on a personal scale, especially if you've lost the savings that have been put up against a new house or new car.
But on the large scale, banks won't care: the loss is $3-4 a person, and you lose more per year on some dubious surcharges.
I've actually received one of these emails. It looked legit.
Really legit.
In fact, the only clue that it wasn't an official notice was the email came from ebay.(official sounding name).com
That and they asked for my l/p, which I know not to give over email.
Honestly, I can say that this goes beyond normal user stupidity. People are being scammed, and these are expert scams. Yeah, people need to apply more critical thinking skills to these things, but I think you are not giving the creators of these emails enough credit.
I mean, they look _really_ official.
no
Here is the /. article and here is the test. I think those tests were bogus, though, because they didn't let you see the full source email.
Gmail now will mark suspicious email with a banner that says something to the effect of "This email does not appear to be from who it claims. Learn More...", with a link to information about phishing scams.
Well, if you think you are, then why not see if you're prone to phishing scams, or if it's a legitimate e-mail offer! Take the Mail Phishing Test
;)
Enjoy!
...I just hope the font people have set in the status bar is legible enough to catch the trickier ones. Look at these three characters: "I" "l" "1". In some fonts they are identical (uppercase i, lowercase L and the number one).
Paypal was one of the earliest business victims of phishing scams, which were successful because of the unfortunate last character in the name. The scammers registered paypai.com (shown in the url as paypaI.com) and paypa1.com (number one at the end) and set up convincing, secure sites to scam people.
I applaud the Mozilla people for giving users the tools to help spot scams, but people still have to use their heads.
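Two tricks described in the comments above, a brand name used as a subdomain of an unrelated domain and I/l/1 lookalike registrations, can be checked mechanically on sender and link hostnames. The following is an added example, not part of the original thread; the protected-brand list, the folding table and the last-two-labels rule are assumptions made for illustration.

```python
# Added example: classify hostnames that imitate a protected brand.
# PROTECTED, CONFUSABLE and the hostnames in the demo are constructed.

PROTECTED = ("paypal.com", "ebay.com")

# Characters that look alike in many fonts, folded to one representative.
# Lowercasing happens first, so uppercase "I" becomes "i" and then "l".
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})


def skeleton(text: str) -> str:
    """Reduce a name to a form in which lookalike characters compare equal."""
    return text.lower().translate(CONFUSABLE)


def split_host(host: str):
    """Return (subdomain labels, registrable domain).

    Assumption: the registrable domain is the last two labels. A deployed
    check should consult the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])


def classify(host: str) -> str:
    subdomains, registrable = split_host(host)
    if registrable in PROTECTED:
        return "genuine"
    for brand in PROTECTED:
        # Case 1: paypaI.com / paypa1.com style registrations.
        if skeleton(registrable) == skeleton(brand):
            return f"lookalike of {brand}"
    for brand in PROTECTED:
        # Case 2: ebay.<something>.com, brand name as a subdomain label.
        name = brand.split(".")[0]
        if any(skeleton(label) == skeleton(name) for label in subdomains):
            return f"{brand} name under unrelated domain {registrable}"
    return "unrelated"


if __name__ == "__main__":
    for h in ("www.paypal.com", "paypaI.com", "paypa1.com",
              "ebay.account-notice.example", "example.org"):
        print(f"{h:32} {classify(h)}")
```

The folding table only covers the ASCII confusions mentioned in the thread; a broader check would also need the Unicode confusables data.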