Evolving Phishing Attacks Using Web Vulnerabilities?
miahrogers writes "The IRS Scam from a few weeks ago was not the usual canned phishing attack; it
exploited a vulnerability in the IRS benefits website to make users
think they were at a government site. Also, according to Infoworld, eBay's own fraud team was tricked into thinking a phishing email was legitimate eBay correspondence. Mix the above IRS exploit with a phony
email and you have misplaced trust that foils even professional fraud
teams. Interestingly enough, the newest addition to my bookshelf predicted these attacks in full detail. From chapter 4: 'Combined with vulnerable Web servers allowing the "trusted" domain to launch
the attack, it will be harder to determine whether the email is or
isn't legitimate. When a person turns in the e-mail to question its
legitimacy, due to the known marketing campaign a tech support
representative may overlook the fraud report and tell the customer
that XYZ company did send out such a marketing e-mail and it is OK to
click the links.' Are phishers using this book as a tool, or is it a
legitimate prediction? As an IT professional, what efforts should our
corporate IT department be making to proactively eliminate these
vulnerabilities?"
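The submission's point is that a link can carry a genuinely trusted domain and still deliver users to an attacker, which is why an "is the domain ours?" check alone misleads even a fraud team. The following is an added illustration, not code from the post, the book it quotes, or any named organisation: a small link triage that a support or fraud desk could run over a reported email. It flags links on untrusted hosts, and it also flags links on trusted hosts whose query string carries an absolute URL to some other host, the shape a forwarding-style weakness on the trusted server would produce. The trusted-domain list, the sample email, and the assumption that the weakness takes that forwarding shape are all constructed for this example; the page does not say what the IRS site's flaw actually was.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Assumption for this example: the domains the organisation considers its own.
TRUSTED_DOMAINS = {"example.gov", "example.com"}

# Matches http(s) URLs in free text; stops at whitespace, angle brackets and quotes.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True if host is a trusted domain or a subdomain of one (suffix match on a label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def embedded_foreign_urls(url, trusted=TRUSTED_DOMAINS):
    """Return absolute URLs carried inside the query string of `url` whose host is not trusted.

    A trusted host that forwards to such a target is exactly the case the submission
    describes: the visible domain is legitimate, the destination is not.
    """
    parsed = urlparse(url)
    found = []
    for values in parse_qs(parsed.query, keep_blank_values=True).values():
        for value in values:
            value = unquote(value)              # tolerate double-encoded targets
            if value.startswith("//"):          # protocol-relative target still leaves the site
                value = "http:" + value
            if not value.lower().startswith(("http://", "https://")):
                continue
            inner_host = urlparse(value).hostname
            if inner_host and not host_is_trusted(inner_host, trusted):
                found.append(value)
    return found


def analyse_links(text, trusted=TRUSTED_DOMAINS):
    """Return (url, reason) pairs for every link in `text` that deserves a closer look."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")                  # trailing punctuation from the sentence
        host = urlparse(url).hostname or ""      # hostname ignores any user@ prefix
        if not host_is_trusted(host, trusted):
            findings.append((url, "untrusted host: " + host))
            continue
        foreign = embedded_foreign_urls(url, trusted)
        if foreign:
            findings.append((url, "trusted host forwards to: " + ", ".join(foreign)))
    return findings


# Constructed sample message for this example; none of these hosts are real targets.
SAMPLE_EMAIL = """\
Subject: Your refund is ready (constructed sample)

Check your status at https://example.gov/benefits/status
To claim it now, go to https://example.gov/redirect?url=https://evil-refund.example/login
Or use our partner portal: http://example-gov.example/benefits
"""

if __name__ == "__main__":
    for link, reason in analyse_links(SAMPLE_EMAIL):
        print(f"{link}\n    -> {reason}")
```

Run against the sample, the first link passes (trusted host, no embedded destination), the second is reported because a trusted host is forwarding to an outside site, and the third is reported as a lookalike host. The second case is the one a "check the domain" procedure misses, and it is the one the server owner, not the mail recipient, has to fix by refusing to forward to hosts outside its own domain.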
Restricting users' access rights to their own machine is an obvious preventative step.
The Windows registry is a powerful tool for controlling what people can do to screw up a machine (sadly it isn't really well documented)...
It isn't a miracle cure, nothing is... but it's a good idea.
http://news.bbc.co.uk/2/hi/americas/4545822.stm
Thought I'd pre-empt the inevitable slashdot article on the subject.
Tee Hee Hee