November 10, 2008

Online Threats: Phishing

Every time you set up your PC, whether after a new purchase or after reinstalling the operating system, you open the browser only to find a message asking you to configure your antiphishing filter (you will definitely run across this setting if you're an Internet Explorer user). Most users, experienced in web browsing or not, can easily recognize it as an online security measure provided by the browser and simply turn it on. The problem is, despite the security description displayed, do users really understand why the antiphishing filter exists?

The online threat that the antiphishing filter aims to deter is what we call "phishing".

Phishing originates from the word 'fishing', and in the computing field it describes a situation where someone tries to acquire your sensitive information by posing as a legitimate entity in an online communication. Phishing can be regarded as a fraudulent online criminal act, and its main element of threat is deception/fraud. This kind of online threat is most prevalent on instant messaging software, e-mail services, auction sites (such as eBay) & social networking sites such as Myspace, making it a tricky job for users not to get "phished".

Statistics on the countries hosting the most phishing websites. The US seems to have a lot of guys who phish....

If you have read my previous entries on spyware and adware, you'll notice that phishing, from a certain point of view, is quite similar. However, what differentiates identity-extracting spyware & adware from phishing is that phishing only threatens users while they are actually using the internet. Spyware, on the other hand, can only find & send your sensitive information back to its creator once it has successfully infiltrated your PC (which can be avoided most of the time if you own decent antispyware protection).

These are the phishing techniques that I want to share with you:

  1. Link Manipulation (a fake link which directs you to a phishing website rather than the webpage you intended to visit)
  2. Filter Evasion (the use of images instead of text to avoid traditional antiphishing detection)
  3. Website Forgery (fake webpage designed based on a legitimate website)
  4. Phone Phishing [Phishing via voice-over internet protocol (VoIP)]
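
To make techniques 1 and 2 concrete from the defender's side, here is an added example (not part of the original post) that audits the links in an HTML message body. It flags links whose visible text names one host while the href points to another, and image-only links that give a text-based filter nothing to read. The sample message and all hostnames are constructed placeholders, and both checks are heuristics that can produce false positives.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that itself looks like a hostname or URL.
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

# Constructed sample message body; all hostnames are placeholders (.test).
SAMPLE = """
<a href="http://login.example-verify.test/session">https://www.examplebank.test/login</a>
<a href="https://www.examplebank.test/help">www.examplebank.test</a>
<a href="http://login.example-verify.test/x"><img src="notice.png" alt=""></a>
"""

def norm(host):
    """Lower-case a hostname and drop a leading 'www.'."""
    return re.sub(r"^www\.", "", (host or "").lower())

class LinkAuditor(HTMLParser):
    """Records (reason, visible_text, href) for each suspicious <a> element."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text, self._img = [], None, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text, self._img = dict(attrs).get("href") or "", [], False
        elif tag == "img" and self._href is not None:
            self._img = True

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        shown = URLISH.match(text)
        if shown and norm(shown.group(1)) != norm(urlparse(self._href).hostname):
            self.findings.append(("text-href-mismatch", text, self._href))
        elif not text and self._img:  # link carries no readable text at all
            self.findings.append(("image-only-link", "", self._href))
        self._href = None

def audit(html):
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings
```

Calling audit(SAMPLE) reports the first and third links and leaves the second alone, because its text and href agree on the host. An image-only link is common on legitimate pages too, so treat that finding as a prompt to inspect the destination rather than as proof of phishing.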

Typical example of a warning from the Mozilla Firefox browser on a phish website

If you think phishing is not as dangerous as it sounds, think again. Imagine that you have been "phished" by an online criminal. The criminal has your credit number at a certain bank, your username and password for a certain site and even your mother's surname. He/she can do whatever they want with the information: change the username & password and deny you the privilege of accessing your own social site, create fake accounts in your name, use up all your bank credit via online purchases and even expose your personal identity worldwide!

Illustration of how a phisher hoaxes users via link manipulation & website forgery

Personally, I once had a girl tell me that phishing is a pointless security issue, which is a very wrong idea for a computer user to hold, especially when she is involved in online purchases to a certain degree. It's true that this online threat can be evaded as long as you keep your antiphishing software/security software updated, but remember: even the best security software takes time to update for certain threats; sometimes it even takes months for security vendors to discover a long-existing phishing threat and issue an update.

My advice to you all who care: Be constantly vigilant while browsing the internet!
