Phishing Attacks on the rise
A phishing attack attempts to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a legitimate entity, usually in e-mails or instant messages sent out to unsuspecting users.
The messages appear to be sent from banks, financial institutions, online payment processors, IT administrators, popular social web sites, etc., and are designed to lure the unsuspecting into entering personal details at a fake website whose look and feel are almost identical to the legitimate one. These days, cybercriminals are getting more and more sophisticated, and no user input is needed, because a computer can get infected with a virus just by visiting a malicious website.
Most of the time, the links being sent seem legitimate and appear to originate from the spoofed organization’s website. Misspelled URLs and the use of subdomains are common tricks used by phishers. Utmost care must be exercised when receiving a message from an unconfirmed source. The way to know whether the message is legitimate is to look at the link they want you to click. If it is obfuscated or is a redirecting link, you can be sure it is a phishing attack. No reputable company would ever try to lead customers anywhere other than its own websites.
For example, in the following URL, http://www.yourtrustedinstitution.xxx.com/, it appears as though the URL will take you to the “your trusted institution” website, when in fact this URL points to the “yourtrustedinstitution” subdomain of the xxx (phishing) website. Another common trick is to make the displayed text for a link (the text between the link tags) different from the real destination, so that the link actually goes to the phishers’ site. For example, the following example link, http://www.coca-cola.com/, seems to lead to the Coca-Cola website, when in fact it leads to the Pepsi-Cola one. The way to find out the real destination is to hover over the link and look at the lower left-hand corner of the window, where most browsers let you preview and verify where the link is really going to take you.
Another source of risk is attachments that download a Trojan. Never click on those either, unless you are 100% sure about the sender. And even so, sometimes people spread viruses unwittingly.
Don’t take these warnings lightly. According to Symantec, phishing messages were up in July primarily due to a 92 percent increase in phishing sites created by automated toolkits. And PandaLabs reports that cybercriminals are cranking out fake Web sites to the tune of tens of thousands every week. During a three-month study of its global malware database, Panda Security found on average 57,000 new Web sites created each week with the aim of exploiting a brand name in order to steal information that can be used to drain people’s bank accounts.
The study found that 375 high-profile brand names were being used for the fraud, with eBay (23 percent) and Western Union (21 percent) together comprising 44 percent of all the malicious Web sites discovered.
Rounding out the top 10 list of exploited brands were: Visa, United Services Automobile Association, HSBC, Amazon, Bank of America, PayPal, Internal Revenue Service, and Bendigo Bank (Australia).
Live Demo: Banking Trojan from Panda Security on Vimeo.
Banking Trojans are one of the most prevalent malware species in the threat landscape today. Malware authors aim to keep infections live and undetected long enough to get what they are really after: money. Financial motivations lead malware developers to craft the stealthiest banking Trojans to steal personal and financial data for further exploitation on the black market. Day after day, innocent victims are hacked, with the end result being an emptied-out bank account. This video demonstrates how dangerous and stealthy banking Trojans can be and why we must continue to raise awareness of the issue.
Chris Adjuenne
I have been the victim of a phishing attack, they emptied my bank account LOL!
Gareth Maclachlan
Malware attacks against smartphones also rose by one-third this year. 2010 has undoubtedly been the year that fraudsters have truly turned their attention to mobile platforms.
Bill Grants
Thank you, I have recently been searching for information about this topic for ages and yours is the best I have discovered so far.
Spear-phishing also is a big nuisance.
Sally Ferguson
Very good put up, I wasn’t aware of how vulnerable we are.
Susan Waldroff
You said it, it’s just plain impossible to get away from all these hackers, my daughter’s computer has been infected three times already with some kind of virus that the technician told us he had to erase the whole thing to get rid of it.
Amin
In Malaysia the government has advised Internet users to be wary of e-mails from “banks” asking them to update personal details, because some people actually fell for it.
John Breton
Thank you for this, I hold an account at the Navy Federal Credit Union, and reading this article has helped me to understand the nature of the scam e-mail my wife has received. I don’t blame her because she has far too many things in her head, but luckily she got to ask me first.
Thanks so much!
Carl Laudan
Computers are not very cheap and not everybody can buy one. However, using an Internet cafe to support different people in such kind of hard situations is very insecure. I know because I have seen that happen in front of my eyes.
Melanie
Hello, I’m russian phisher, I know how to hack the pentagun, email me for info and send me money
Joe
It is hard for me to ask this, but I have got to! I am sure that the girl that I am seeing on the Internet chat is bad for my finances. The enjoyable and free of concern period when I was liberally enjoying her presence is gone. Nowadays, I am concerned about the credit card I sent her. Every now and then I think that it would be nice if there was a similar product for women as well :)) Thus, you’re my chance – what to do now?! I’m asking for me and for all my male-associates. Thank you ahead, I wish not to say my actual person’s name.
Rick McKnight
Joe,
Kind of difficult to diagnose whether you’re the victim of a scam with so few details.
In any case you should always exercise common sense, especially where there’s money involved.
All the best
Agnes R. Jone
I have a very essential for me inquiry. I am very concerned about the fact that this email I clicked is awfully bad for my computer health. Now, I’m bothered to use it. Sometimes I suppose that it would be nice if there was a way of knowing for sure. Thus, is there any possibility you know something that can help me? I want to thank you and wish everybody all the best.
Rick McKnight
Agnes,
You should run a full scan on your computer to detect any malware that could have been installed by you clicking on an attachment from an e-mail.
At the following link you can read a few reviews of Security Suites:
Reviews of Security Suites for 2011
Good Luck
Sandy
Most informative post, thanks a lot
Leslie Wilson
This article is really very informative. Many thanks for that. I hope it helps many other people
Katie Foutz
Is this you, Joe?
Man pays $200,000 to save fake girlfriend in online scam
http://napervillesun.suntimes.com/news/crime/3992836-418/man-loses-200k–and-the-girl–in-online-scam.html
No wonder you say it is bad for your finances.
Rick McKnight
Now, that really is a sad story. Probably Joe is just a lonely man that thought he could get some company and was trying to help someone he believed was in danger.