Doug Woodall
Never trust an e-mail, phishing?
2/20/2006 12:09:20 PM
Phishing scams are becoming ever more sophisticated - the latest are even using valid-looking SSL certificates to fool people into believing they are using a legitimate secure site. According to the SANS Institute, the scam uses a carefully crafted email, with links to reasonably convincing domains and text that contains part of customers' credit card number.

With phishing it's not the ones they get wrong that matter, it's the ones that they get right. As a scammer, you need to send out as many emails as possible, and if one or two line up perfectly with your victim's situation, then you're on to a winner. Just one or two out of many thousands is enough to make the job worthwhile.

In this case the phishermen were targeting a specific bank, had graphics, domains and even an SSL certificate that looked very convincing. It is unfortunate that the very trust systems supposed to protect users failed, and failed badly! The SSL certificate looked sufficiently authentic to convince all but the most sceptical. The scammer also took advantage of the fact that banks issue credit cards with the same first four digits, further helping to convince the victim that this was a legitimate email.

This story calls into question the ease with which SSL certificates can be obtained - undoubtedly some certificate authorities undertake more rigorous checks than others. Search Google and you will find sites supplying SSL certificates for $20 or less, issued by an automatic procedure. Presumably there is no human intervention or the need to send company certificates of incorporation or similar documentation to prove the legitimacy of the person requesting the SSL certificate.

SmoothWall believes that this drive for easy profit should not be allowed to destroy the trustworthiness of one of the pillars of web security.

Moral of the story? Never trust an email, I guess...

Read the entire article here: http://www.crime-research.org/news/15.02.2006/1827/
Doug Woodall SpywareBiz,,,We take the Spy out of Spyware! http://www.spywarebiz.com Providing Free Information and Recommended Products to Combat Spyware.
Dave Cottrell
Re: Never trust an e-mail, phishing?
2/20/2006 2:49:46 PM
Hi Doug,

"...never trust an email..."

Well put, my friend. The safest way to do business online is to go directly to the website. If the email looks authentic, it's very simple to type the URL into a new browser window and check it out to make SURE it's authentic.

I have a lot of websites; therefore I have a lot of email accounts, and get hundreds of scam and phishing emails every week. Examples of "authentic looking" emails have been made to look like they come from, to name a few: Paypal, eBay, Wells Fargo Bank, Citibank, and more.

Thanks for keeping everyone informed.

God bless,
Dave