From Expat-Village.com
Phishing - An Internet Con to Get Your Bank / Credit Card Details
Apr 12, 2004, 18:40
The name phishing comes from fishing for passwords or credit card details, spelt in the hacker style. It seems to date from 1996 when hackers were stealing AOL account names and passwords from gullible new users, with a hacked account known as a "phish". Now it has spread from stealing access to someone's e-mail to stealing their credit card details, or the contents of their bank account.
So-called phishing cons have become increasingly common recently among tech-savvy criminals keen to steal cash from gullible users by making them hand over sign-on or account details.
Security experts say users should be suspicious of any e-mail that asks them to verify confidential information. Most phishing attacks involve an e-mail that purports to be sent out by a legitimate organisation, such as a bank, that asks users to enter information on a special site.
The latest con uses a fake version of a web browser's address bar to hide a bogus site set up to collect PIN codes for cash machines.
Anyone following the instructions will unwittingly be handing over details to conmen who use them to empty the account of cash.
Often the fake websites are difficult to spot because they do a good job of reproducing the website of the company they are impersonating.
The Anti-Phishing Working Group has come across an even more sophisticated attack that targets Citibank customers.
When users click on the web link in the e-mail of this latest attack, the site they are taken to detects what browser they are using, suppresses the real address bar and generates a fake one to take its place.
The biggest problem for the con artist trying to fool people is what appears in the address bar of the browser, but the latest wave of attacks removes that problem. This fake browser bar shows the real web address of the firm being impersonated rather than the address of the scam site the user is actually visiting. The address bar even acts like a real part of the browser and will direct net users to other website addresses that are typed into it.
The website also fakes the appearance of the webpage code used to create it to make it look more convincing.
There are some simple rules to avoid falling for this sort of scam.
· Never click on a link in an e-mail, even if it looks OK. It's safer to type the address into your web browser. This is really important because a recently discovered bug in Microsoft's Internet Explorer means that a scammer can make a fake website look real.
· Remember, banks do not ask for customer passwords in e-mails; you always enter them on a secure site. One of the few clues that a site is a fake is that it does not show a locked padlock icon for the supposedly secure web-browsing session it is supporting.
· Companies like eBay, Amazon.com, PayPal, etc. do not send out e-mails asking you to verify personal details; they wait for you to log in and then tell you there is a problem.
· The grammar and style of the original e-mail may be slightly suspect.
· Always be cynical and ask: 'Why would my bank be sending me this e-mail?'
© Copyright 2003 by Expat-Village.com