Slashdot Mirror


"Phishing" Attacks to Increase

neutron_p writes "The number of people who succumb to identity thieves' "phishing" e-mails could go way up if immediate action isn't taken to preempt the next generation of attacks, according to an Indiana University School of Informatics researcher. "Phishing" e-mails appear to be sent by legitimate businesses, but are actually created and distributed by villains who are after your personal information. They describe some thieves' tricks. One kind of context-aware attack tricks eBay bidders into giving out identifying information by leading bidders to believe they've won an auction. In another kind of context-aware attack, a potential victim might receive a message from a known person -- for example, a friend or loved one -- asking him or her to go to a Web site to update banking information."

9 of 358 comments

  1. One nice new thing in Firefox by Anonymous Coward · · Score: 5, Insightful

    Was the addition of yellow highlighting for secure sites, and the domain in the status bar. It really makes picking up when you're on a secure site easier. In the past you had to really look for that little lock icon or whatever.

    Phishing is just conmen moving to the internet. They use similar tricks in the real world, just on a smaller audience. Here in the DC area there are several police imposters running around, some of them tricking people into withdrawing all the money from their bank (it's counterfeit!!!) and others actually using flashing lights to pull over people on the road.

    1. Re:One nice new thing in Firefox by I_Love_Pocky! · · Score: 5, Insightful

      It really makes picking up when you're on a secure site easier.

      I'm sorry, but just because the site uses SSL doesn't mean they are who you think they are.

    2. Re:One nice new thing in Firefox by cmg · · Score: 5, Insightful

      One thing I just got onto my banking website for is in a new version, they switched to using components spread amongst 4 domain names.

      It's hard enough telling grandma that www.examplebank.com is different from www.example-bank.com for phishing scams. It's only harder when the banks themselves are spreading confusion.

  2. USERS are the problem by drsmack1 · · Score: 5, Insightful

    Until the majority of the people out there have the critical thinking skills to deal with this sort of thing the problems will continue. The same people who are stupid enough to give out their info to someone who e-mails them are the ones buying shit from SPAM e-mails.

  3. Somebody teach the legit companies... by Se7enLC · · Score: 5, Insightful

    How are we supposed to tell the difference between a legitimate email from a company and a phishing attempt when places like CapitalOne use skeezy companies like bfi0.com for sending email to their customers? A link that says "Click here to access your statement" that actually goes to http://capitalone.bfi0.com/T8RT044ABB6D98DEB357FB2 EDD4A80 makes me feel safe inside.

    1. Re:Somebody teach the legit companies... by Scorchio · · Score: 5, Insightful

      This is a serious problem... I get emails from Bank of America, telling me how cool it is to pay my bills through their online service, and provides links to the site. The link isn't simply to http://www.bankofamerica.com/, it's http://links.bankofamerica1.com:8082/Click?q=eXXXX , which redirects to the former. Is it really Bank of America, or is it a phisher who's registered the domain name with a '1' on the end? I'm fairly sure it's ok, but I'm sure they don't expect all customers to run whois enquiries on link addresses.

      The thing that scares me is that it could so easily be a more subtle phishing email. It doesn't follow the more obvious method of asking for people to login to verify their details. If it was a scam, this could easily fool even those of us who should know better - those of us who have just crawled out of bed and remembered the phone bill still needs paying. Clicking the link and logging in is so easy, and exactly what a phisher is waiting for.
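Added example (not part of the thread): a link check of the kind a mail filter could apply to the URLs quoted in the comments above, comparing each link's registrable domain against the domains a sender is known to use. The `TRUSTED` list, the edit-distance threshold and the two-label `registrable` shortcut are assumptions made for this sketch; the links that legitimate senders used get flagged just as a phisher's lookalike would, which is the ambiguity the commenters describe.

```python
from urllib.parse import urlsplit

# Assumption: the only domains these senders really use in customer mail.
TRUSTED = {"bankofamerica.com", "capitalone.com", "examplebank.com"}

def registrable(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted domain the link resembles or None)."""
    host = urlsplit(url).hostname or ""  # hostname drops the port and lowercases
    domain = registrable(host)
    if domain in trusted:
        return ("trusted", domain)
    subdomains = host.split(".")[:-2]
    for known in sorted(trusted):
        # A near miss such as an added digit or hyphen.
        if edit_distance(domain, known) <= max_distance:
            return ("lookalike", known)
        # The brand appears only as a subdomain of someone else's domain.
        if known.split(".")[0] in subdomains:
            return ("brand-in-subdomain", known)
    return ("unknown", None)

# Hosts as quoted in the comments; paths shortened for the example.
SAMPLE_LINKS = [
    "http://www.bankofamerica.com/",
    "http://links.bankofamerica1.com:8082/Click?q=eXXXX",
    "http://www.example-bank.com/",
    "http://capitalone.bfi0.com/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, classify_link(link))
```
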

  4. Re:Humans... by stilwebm · · Score: 5, Insightful

    I almost completely agree that if you're dumb enough to fall for the scam, you deserve it.

    Most slashdot readers are smart enough to avoid this type of scam, so it's easy to say "these scams don't affect me." The problem is, they do. Increased success of scams leads to increased fees and holdbacks for credit card transactions, increased retail prices, increased costs for investigations, increased costs for prevention and decreased productivity. These are all small hidden costs but they add up. Maximizing prevention has real economic benefits for everyone. Sympathizing with the criminals only hurts lawful consumers.

  5. Re:I get countless dozens of these every week by meringuoid · · Score: 5, Insightful

    I've tracked a LOT of these ebay scams to Korea. Dubya was right, North Korea is a threat.

    It's not North Korea, it's South Korea. The place is full of ridiculously fat broadband connections, and the ISPs don't seem too bothered about what goes on on the networks. Since Koreans aren't any brighter than the rest of us, an awful lot of those broadband connections go to Windows machines which have been 0wnz0red since about 30 seconds after they were first switched on.

    And that's before we even consider the mail servers installed in every school in the country, which are wide-open mail relays out of the box. Aaarrrggghhh!

    South Korea would be paradise to be in - fat connection and nobody giving a filesystem check what you're doing with it - but the consequences for the rest of the world are becoming a nightmare.

    --
    Real Daleks don't climb stairs - they level the building.

  6. Re:Humans... by LordNimon · · Score: 5, Insightful

    So why not just eliminate the no-liability clauses in credit card agreements to reflect that if you (the cardholder, accountholder, whatever) give away information that leads to a loss, you are solely liable for that loss without limitation?

    That's unenforceable because it's impossible to prove that any particular illegal use of my credit card number was the (direct or indirect) result of my giving the number to the wrong person. Besides, that liability clause is a selling point for credit cards. No one would choose a card that held them liable for unauthorized charges.

    --
    And the men who hold high places must be the ones who start
    To mold a new reality... closer to the heart