Slashdot Mirror


Evolving Phishing Attacks Using Web Vulnerabilities?

miahrogers writes "The IRS Scam from a few weeks ago was not the usual canned phishing attack; it exploited a vulnerability in the IRS benefits website to make users think they were at a government site. Also, according to Infoworld, eBay's own fraud team was tricked into thinking a phishing email was legitimate eBay correspondence. Mix the above IRS exploit with a phony email and you have misplaced trust that foils even professional fraud teams. Interestingly enough, the newest addition to my bookshelf predicted these attacks in full detail. From chapter 4: 'Combined with vulnerable Web servers allowing the "trusted" domain to launch the attack, it will be harder to determine whether the email is or isn't legitimate. When a person turns in the e-mail to question its legitimacy, due to the known marketing campaign a tech support representative may overlook the fraud report and tell the customer that XYZ company did send out such a marketing e-mail and it is OK to click the links.' Are phishers using this book as a tool, or is it a legitimate prediction? As an IT professional, what efforts should our corporate IT department be making to proactively eliminate these vulnerabilities?"

7 of 179 comments

  1. All this will stop on the day... by b4k3d+b34nz · · Score: 4, Funny

    ...that IE7 comes out with it's phishing filter. :P

    --
    Grammar Lesson: you're is a contraction of "you are"; your means you possess something; yore means days gone by.
    1. Re:All this will stop on the day... by ThosLives · · Score: 4, Funny

      Only because of your sig: Did you really mean "The phishing filter owned by IT (Information Technology, or perhaps the Stephen King demon)," or did you incorrectly form the possessive of 'it'?

      --
      "There are a dozen opinions on a matter until you know the truth. Then there is only one." - CS Lewis (paraphrase)
  2. Wellll by OverlordQ · · Score: 2, Funny

    As an IT professional, what efforts should our corporate IT department be making to proactively eliminate these vulnerabilities?

    Hard code your error messages, hard code everything you can, rely on user input as little as you can, and always treat it like nuclear waste.

    --
    Your hair look like poop, Bob! - Wanker.
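
    The advice in the comment above (hard-code your error messages, treat user input as untrusted) is the kind of fix that stops a trusted domain from being used to dress up a phishing page. The following is an added illustration, not code from Slashdot, the poster, or any site named in the story: a reflected error page beside a hardened version that only ever renders hard-coded text, plus a check that a "return to" parameter is a same-site path. The error codes, the function names and the parameter names are assumptions made for this example.

```python
import html
from urllib.parse import urlsplit

# Hard-coded error messages keyed by short codes (hypothetical codes chosen
# for this example). The page never renders a user-supplied string as the
# message itself, so nothing attacker-controlled can become the page's text.
ERROR_MESSAGES = {
    "login_failed": "The username or password you entered is incorrect.",
    "session_expired": "Your session has expired. Please sign in again.",
}
DEFAULT_MESSAGE = "An error occurred. Please try again."


def render_error_page_unsafe(params: dict) -> str:
    """'Before' version: reflects the msg parameter verbatim into the page.

    Whatever arrives in the query string is shown, as text or as markup,
    under the site's own domain. This is the pattern the hardened version
    below replaces; it is here only for comparison.
    """
    return f"<html><body><h1>Error</h1><p>{params.get('msg', '')}</p></body></html>"


def render_error_page(params: dict) -> str:
    """Hardened version: look the message up, never echo the parameter."""
    code = params.get("code", "")
    message = ERROR_MESSAGES.get(code, DEFAULT_MESSAGE)
    # Only a known code is shown back (as a support reference); anything
    # unknown collapses to a fixed word. html.escape is applied anyway so a
    # future change to the table cannot quietly reintroduce raw markup.
    shown_code = code if code in ERROR_MESSAGES else "unknown"
    return (
        "<html><body><h1>Error</h1>"
        f"<p>{html.escape(message)}</p>"
        f"<p>Reference: {html.escape(shown_code)}</p>"
        "</body></html>"
    )


def is_safe_return_path(target: str) -> bool:
    """Accept a 'return to' value only if it is a path on this site.

    Rejects absolute URLs (scheme or host present), protocol-relative
    "//host/..." forms, and the "/\\host" variant some browsers normalise
    to "//host", so the trusted site cannot be used to bounce a visitor
    elsewhere after an error or a login.
    """
    if not target.startswith("/"):
        return False
    if target.startswith("//") or target.startswith("/\\"):
        return False
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


if __name__ == "__main__":
    # Constructed sample request parameters for a stand-alone run.
    print(render_error_page({"code": "login_failed"}))
    print(render_error_page({"code": "<b>not a real code</b>"}))
    for candidate in ("/account/settings", "//other.example/", "https://other.example/"):
        print(candidate, "->", "allowed" if is_safe_return_path(candidate) else "rejected")
```

    The point of the contrast is not the escaping call by itself but the lookup: once the message comes from a table the server owns, the query string can no longer choose what the trusted domain says to the visitor, and the return-path check keeps the same domain from forwarding the visitor somewhere it does not own.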
  3. Re:Never. Believe. Anything. From. Email. Ever. by BushCheney08 · · Score: 2, Funny

    So are you saying I shouldn't order anything from the email I received yesterday that had the subject "MASTERDICK!"?

    BTW, I'm not kidding about the email, either. Definitely one of the better pieces of spam that's come my way...

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  4. Phishing Attacks Do Not Evolve by Anonymous Coward · · Score: 1, Funny

    Phishing attacks are Intelligently Designed, not evolved! It is improbable to the point of absurd for a random number generator to produce a phishing website in the same way that it is absurd for random events to result in a new liver. Only the actions of an Intelligent Designer like a programmer can produce a phishing vulnerability.

  5. Re:Don't click the links. by BushCheney08 · · Score: 2, Funny

    But typing http://www.f773js93skv0fjdakd9da4js0d9skdsdll23-39 sdksdf.ebay-h4xx0r.com/ is too hard. It's much easier to click the link...

    --
    Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
  6. Phishing filter eh? by Comboman · · Score: 2, Funny

    Is it too late to trade-mark the name 'philter'?

    --
    Support Right To Repair Legislation.