Phishing Techniques
Recent attempts by phishers target the customers of online payment services and banks. U.S. taxpayers received emails from scammers that appeared to come from the Internal Revenue Service; as a result, these phishing attempts have exposed sensitive data. This allows phishers to possibly know which banks or services customers/potential victims use. Senior executives and high-ranking individuals within businesses have been a recent target. The term "whaling" has been coined to describe these kinds of attacks.
Social networking websites (e.g. Myspace, Facebook) and other community-based sites are a target of phishing because the personal details on these websites can be used in identity theft. The success rate of phishing attempts on these sites is staggering.
Link manipulation
Phishing is mostly used to deceive users: it is designed to make links received online (usually via email) seem as though they were from an established, trustworthy company, when in reality the link is just a spoof of that company's website.
These phishing links take the form of misspelled URLs and also subdomains. An example of such a link is http://VictimsBank.example.com/. It appears as if the link were normal and part of the real website of your bank, but in truth it directs to the phisher's domain, which in the example is the "VictimsBank" subdomain of example.com.
Another trick phishers use is to make the anchor text of a link seem valid, while the link actually forwards to the phishers' website. These can be very hard to spot with the untrained eye, which is why websites such as Paypal.com recommend that you manually type in their address instead of following email links, which could be from phishers who point a link to their own domains. Such fraudulent links continue to populate the internet.
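A defender-side check for the two link tricks described above, as an added example that is not part of the original page: it parses an email's HTML body and flags links whose visible text names a different domain than the href, and links that use the bank's name as a label on another domain. The trusted domain victimsbank.test and the sample HTML are constructed, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def registrable_domain(host):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    # Hostname if the visible text looks like a URL or bare domain, else None.
    if not text or " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname

class LinkAuditor(HTMLParser):
    def __init__(self, trusted_domain):
        super().__init__()
        self.trusted = trusted_domain.lower()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        href, text, self._href = self._href, "".join(self._text).strip(), None
        target = urlsplit(href).hostname or ""  # hostname comes back lower-cased
        domain, shown = registrable_domain(target), host_of(text)
        if target and shown and registrable_domain(shown) != domain:
            self.findings.append((href, "anchor text names a different domain"))
        # First label of the trusted domain (e.g. "victimsbank") reused elsewhere.
        elif domain != self.trusted and self.trusted.split(".")[0] in target:
            self.findings.append((href, "brand used as a label on another domain"))

def audit(html, trusted_domain):
    auditor = LinkAuditor(trusted_domain)
    auditor.feed(html)
    return auditor.findings

# Constructed sample email body; victimsbank.test stands in for the bank's real domain.
SAMPLE = """<a href="http://VictimsBank.example.com/">Log in to your account</a>
<a href="http://example.com/login">www.victimsbank.test</a>
<a href="https://www.victimsbank.test/help">Help centre</a>"""
if __name__ == "__main__":
    print(*audit(SAMPLE, "victimsbank.test"), sep="\n")
```

Misspelled look-alike domains are not covered by this check; they need a similarity comparison against the trusted domain.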
Phone phishing (aka Vishing)
Phishers are so desperate to find unsuspecting people that they find ways of doing this without even using websites. For example, a potential victim gets a message that is "supposedly" from a bank, telling him or her to dial a phone number about problems with their bank account. When the victim dials the phone number, which is the phishers' number, it asks them to type in their PIN number, which results in the victim exposing such sensitive information to a scammer.
Other techniques used by phishers include filter evasion and website forgery.
Filter evasion occurs when phishers use images instead of text to see whether they can get past anti-phishing filters, which usually catch text used in phishing.
In website forgery, the victim is deceived into visiting a fake website. A few phishing scams use JavaScript to change the address bar, either by placing an image of a legitimate URL over the address bar or by closing the original address bar and opening a new one showing a legitimate address. Scammers may even exploit holes in a trusted site and use them against its customers. These "cross-site scripting attacks", as they are called, direct users to sign into their accounts (bank or services) with everything appearing legitimate, when in fact the link was created for one purpose: to attack victims.