Fake Websites Types of Hacking Attack

Fake Websites

Fake bank websites that steal account numbers and passwords have become increasingly common with the growth of online financial transactions. Hence, when using online banking, we should take precautions such as using a secure, encrypted customer certificate and following the correct procedure when surfing the net. First, the scammers create a similar website homepage; then they send out e-mails with enticing messages to attract visitors. They may also use fake links to direct internet surfers to their website. Next, the fake website tricks the visitors into entering their personal information, credit card information or online banking account number and passwords. After obtaining a user's information, the scammers can use it to drain bank accounts, shop online, create fake credit cards or commit other similar crimes.
Usually, there will be a quick search option on these fake websites, luring users to enter their account number and password. When a user enters their account number and password, the website will respond with a message stating that the server is under maintenance. Hence, we must observe the following when using online banking: Observe the correct procedure for entering a banking website. Do not use links resulting from searches or links on other websites. Online banking certifications are currently the most effective security safeguard measure. Do not easily trust e-mails, phone calls, short messages, etc. that ask for your account number and passwords.

Phishers often impersonate a well-known enterprise when sending their e-mails by changing the sender's e-mail address to that of the well-known enterprise, in order to gain people's trust. The 'From' field of an e-mail is set by the mail software and can be easily changed by the web administrator. The phisher then creates a fake information input website and sends out e-mails containing a link to this fake website to lure e-mail recipients into visiting it. Most phishers create imitations of well-known enterprises' websites to lure users into using their fake websites. Even so, a user can easily notice that the URL of the website they are entering has no relation to the intended enterprise. Hence, phishers may use different methods to impersonate enterprises and other people. A commonly used method is hiding the URL. This can easily be done with the help of JavaScript. Another way is to exploit loopholes in an internet browser, for instance, displaying a fake URL in the browser's address bar. The security loophole causing the address bar of a browser to display a fake URL is a commonly used trick and has often been used in the past. For example, an e-mail in HTML format may show the URL of a website of a well-known enterprise, but in reality, the link connects to a fake website. The key to successfully using a URL similar to that of the intended website is to trick the visual senses. For example, the sender's address could be disguised as that of Nikkei BP, and the link set to http://www.nikeibp.co.jp/ which has one 'k' fewer than the correct URL, http://www.nikkeibp.co.jp/. The two URLs look very similar, and the difference is barely noticeable. Hence people are easily tricked into clicking the link. Besides the above, there are many more scams that exploit the trickery of visual senses.
Therefore, you should not easily trust the given sender's name and a website's appearance. Never click on unfamiliar and suspicious URLs on a webpage. Also, never enter personal information into a website without careful scrutiny.

Solutions
Internet Explorer 7 and Firefox 2 both have sophisticated filters that can detect most fake websites.
Here are some other clues that might give away a fake:
• Look for evidence of a real-world presence: an address, a phone number, an email contact. If in doubt, send an email, make a phone call or write a letter to establish whether they really exist.
• The website's address is different from what you are used to: perhaps there are extra characters or words in it, or it uses a completely different name or no name at all, just numbers.
• Right-clicking on a hyperlink and selecting "Properties" should reveal a link's true destination - beware if this is different from what is displayed in the email.
• Even though you are asked to enter private information there is NO padlock in the browser window or 'https://' at the beginning of the web address to signify that it is using a secure link and that the site is what it says it is.
• A request for personal information such as user name, password or other security details IN FULL, when you are normally only asked for SOME of them.
• Although rare, it is possible for your computer to be corrupted by viruses in such a way that you can type a legitimate website address into your browser and still end up at a fake site. This problem is known as 'pharming'. Check the address in your browser's address bar after you arrive at a website to make sure it matches the address you typed. Subtle changes ('eebay' instead of 'ebay' for example) may indicate that your computer is a victim of a pharming attack.
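
The link clues above (a displayed URL that differs from the real destination, an address made only of numbers, and a near-miss spelling such as the nikeibp/nikkeibp pair) can be checked automatically in an HTML e-mail body. The following is an added example, not part of the original page; the trusted-host list, the 0.9 similarity threshold, the reason labels and the sample message are assumptions made for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_HOSTS = {"www.nikkeibp.co.jp"}  # assumption: sites the reader really uses

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed URL: treat it as having no host
        return ""

def audit_links(html):
    """Return (href, reason) for each warning sign in an HTML e-mail body."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        host = host_of(href)
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:          # displayed URL differs from real target
            findings.append((href, "text-mismatch"))
        if re.fullmatch(r"[0-9.]+", host):   # "no name at all, just numbers"
            findings.append((href, "numeric-host"))
        near = any(difflib.SequenceMatcher(None, host, t).ratio() >= 0.9 for t in TRUSTED_HOSTS)
        if near and host not in TRUSTED_HOSTS:  # almost, but not exactly, a trusted name
            findings.append((href, "lookalike"))
    return findings

# Constructed sample e-mail body using the page's own example URLs.
SAMPLE = ('<a href="http://www.nikeibp.co.jp/">http://www.nikkeibp.co.jp/</a> '
          '<a href="http://192.0.2.7/login">log in here</a> '
          '<a href="http://www.nikkeibp.co.jp/">our site</a>')
```

Calling `audit_links(SAMPLE)` reports the first link twice (mismatched text and lookalike host), the second as a numeric host, and nothing for the genuine third link.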

Pharming
Similar in nature to phishing, pharming (pronounced "farming") is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real addresses - they are the "signposts" of the Internet. Compromised DNS servers are sometimes referred to as "poisoned". The term pharming is a word play on farming and phishing. The term phishing refers to social engineering attacks to obtain access credentials such as user names and passwords. In recent years pharming has been used to steal identity information.
Pharming has become a major concern to businesses hosting ecommerce and online banking websites.
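
The hosts-file variant of pharming described above leaves a trace that is easy to audit: a public site's name pinned to a fixed address in the local hosts file. The following is an added example, not part of the original page; the watched-domain list and the sample hosts content are constructed for illustration, and on a real machine the text would be read from the system's hosts file.

```python
import ipaddress

WATCHED = {"nikkeibp.co.jp", "ebay.com"}  # assumption: domains the user relies on

def parse_hosts(text):
    """Yield (line_no, ip, name) for every mapping in hosts-file text."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not a valid mapping line
        for name in fields[1:]:                   # one address may carry several names
            yield no, ip, name.lower().rstrip(".")

def suspicious_overrides(text, watched=WATCHED):
    """Flag entries that pin a watched domain, or a subdomain of it, to an address."""
    hits = []
    for no, ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((no, name, str(ip)))
    return hits

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# local name mappings
127.0.0.1       localhost
::1             localhost
203.0.113.50    www.ebay.com signin.ebay.com   # added by unknown software
192.168.1.20    printer.lan
198.51.100.9    WWW.NIKKEIBP.CO.JP
"""

if __name__ == "__main__":
    for line_no, name, ip in suspicious_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is forced to {ip}")
```

Any hit deserves investigation, because a legitimate public site is normally resolved through DNS rather than listed in the hosts file.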
