Phishing Is Becoming Advanced – So Should Users

Each and every day a new phishing attack surfaces and rears its ugly head. In 2005 reports of unique phishing attacks more than doubled and this trend shows no signs of slowing down any time soon. Phishing schemes are becoming more and more sophisticated and web users need to get just as sophisticated.

Gone are the days of simple e-mail based phishing attacks. The nefarious persons behind the creation of these clever ploys are stepping up the game to now include brand targeted phishing attacks and pharming.

Phishing

The basic phishing attack is a form of fraud where the phishing initiator attempts to trick one into disclosing confidential information that can be later used for illegal purposes. These types of attacks are normally sent via e-mail to an unsuspecting recipient and will include details on how the reader has either won a great deal of money or can make money by helping out some poor soul in another country who has scads of money. The reader is instructed to give out banking information, social security numbers or even credit card numbers. Of course, the result of this is a sudden loss of money from accounts or a credit card being created illegally. Most internet users today are aware of these tricks and have been trained ad nauseum in the ways of deleting these e-mails immediately.

Brand targeted phishing

The next type of phishing takes a bit more technical skill – brand targeted phishing. These are the kinds of attacks seen accomplished on major company web sites. The advanced phisher knows how to find weak spots in web site coding and will inject their code into these web sites. Brand targeted phishing is exactly that – attacks on major brands, businesses and corporations. Ebay and Citibank are two companies that have seen more than their fair share of this kind of phishing with customers being attacked daily not too long ago. If the phisher doesn’t attack the web site itself, they will send e-mails that look exactly like those being sent by the company to include actually using the company’s own mail servers to send them.

With this type of phishing, it lays on the shoulders of companies to raise customer awareness of these threats. Additionally, security must become a number one priority. Javascript is one of the easiest ways for phishers to attack as are requested user input PHP scripts. E-commerce security solutions should be put into place that assure customers that they are, indeed, at the true web site and not some phisher created scam site. Specific measures should also be put into place with regard to e-mails sent by the company to customers. This can be something as simple as educating customers in the practices the company takes with regard to what information they would actually send and request via e-mail.

Pharming

If this wasn’t all scary enough, pharming has become the phishing attack for the future. Pharming is the practice of highjacking a domain name server to redirect visitors from an actual legitimate web site to a carbon copy of that site. Unsuspecting users and customers are lead to believe they are on the legitimate site and have no qualms about giving out secure information – after all, as far as can be seen by the uninformed, it’s the legitimate web site.

To combat pharming, web site owners need to instruct their users on how to detect a possible web site imposter. Some of the indicators are misspelled words, web links that do not work correctly and security certificates that are not valid.

Conclusion

As the web grows so shall the types of attacks geared toward gathering private and secure information. It’s imperative that companies and users step up their level of understanding in how to combat phishing now and into the future.

Related Articles