Phishing Is Becoming Advanced – So Should Users
Each and every day a new phishing attack surfaces and rears its ugly head. In 2005 reports of unique phishing attacks more than doubled and this trend shows no signs of slowing down any time soon. Phishing schemes are becoming more and more sophisticated and web users need to get just as sophisticated.
Gone are the days of simple e-mail based phishing attacks. The nefarious persons behind the creation of these clever ploys are stepping up the game to now include brand targeted phishing attacks and pharming.
The basic phishing attack is a form of fraud where the phishing initiator attempts to trick one into disclosing confidential information that can be later used for illegal purposes. These types of attacks are normally sent via e-mail to an unsuspecting recipient and will include details on how the reader has either won a great deal of money or can make money by helping out some poor soul in another country who has scads of money. The reader is instructed to give out banking information, social security numbers or even credit card numbers. Of course, the result of this is a sudden loss of money from accounts or a credit card being created illegally. Most internet users today are aware of these tricks and have been trained ad nauseam in the ways of deleting these e-mails immediately.
Brand targeted phishing
The next type of phishing takes a bit more technical skill – brand targeted phishing. These are the kinds of attacks carried out against major company web sites. The advanced phisher knows how to find weak spots in web site coding and will inject their code into these web sites. Brand targeted phishing is exactly that – attacks on major brands, businesses and corporations. eBay and Citibank are two companies that have seen more than their fair share of this kind of phishing, with customers being attacked daily not too long ago. If the phisher doesn’t attack the web site itself, they will send e-mails that look exactly like those being sent by the company, in some cases even using the company’s own mail servers to send them.
If this weren’t all scary enough, pharming has become the phishing attack for the future. Pharming is the practice of hijacking a domain name server to redirect visitors from an actual legitimate web site to a carbon copy of that site. Unsuspecting users and customers are led to believe they are on the legitimate site and have no qualms about giving out secure information – after all, as far as can be seen by the uninformed, it’s the legitimate web site.
To combat pharming, web site owners need to instruct their users on how to detect a possible web site imposter. Some of the indicators are misspelled words, web links that do not work correctly and security certificates that are not valid.
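Because pharming works by changing what a name resolves to, a site owner or help desk can also check DNS answers against the address ranges the real site uses. The following is an added example, not part of the original article: the domain names, the published ranges and the resolver answers are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed baseline: ranges the site owner is assumed to publish for its
# real servers (RFC 5737 documentation addresses, not real hosts).
KNOWN_GOOD = {
    "bank.example": ["192.0.2.0/24"],
    "shop.example": ["198.51.100.0/25"],
}

# Constructed answers, as returned by the resolver under test.
LOCAL_ANSWERS = {
    "bank.example": ["192.0.2.10", "192.0.2.11"],
    "shop.example": ["203.0.113.66"],   # outside the published range
    "news.example": ["203.0.113.5"],    # no baseline available
}


def check_answer(domain, addresses, known_good=KNOWN_GOOD):
    """Classify one DNS answer as 'ok', 'suspect' or 'unknown'.

    'suspect' means at least one returned address lies outside every range
    published for the domain, which is what a hijacked name server produces.
    """
    ranges = known_good.get(domain.lower().rstrip("."))
    if not ranges or not addresses:
        return "unknown", []
    networks = [ipaddress.ip_network(r) for r in ranges]
    outside = []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            outside.append(addr)        # unparsable answer counts as suspect
            continue
        if not any(ip in net for net in networks):
            outside.append(addr)
    return ("suspect" if outside else "ok"), outside


def audit(answers, known_good=KNOWN_GOOD):
    """Return {domain: (verdict, offending_addresses)} for every answer."""
    return {d: check_answer(d, a, known_good) for d, a in answers.items()}


if __name__ == "__main__":
    for domain, (verdict, bad) in audit(LOCAL_ANSWERS).items():
        print(f"{domain:15} {verdict:8} {', '.join(bad)}")
```

A "suspect" verdict is a reason to investigate, not proof of hijacking: sites served through content delivery networks legitimately return different addresses to different resolvers, so the baseline has to cover every range the site really uses.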
As the web grows so shall the types of attacks geared toward gathering private and secure information. It’s imperative that companies and users step up their level of understanding in how to combat phishing now and into the future.