Articles Index About 60-Seconds Submit an Article Contact Us About the Editor
Phishing for you?
This column, part of DTG Magazine has been published since 1990.
* The Design Center * Design Bookshelf * DTG Magazine * Photoshop * Photoshop 911 * Photoshop Help * Photoshop Resources * Photography * Web Design * Fonts & Typography * The Design Cafe * User Groups * Info Manager
Got content? Share your articles, reviews, tips and tricks with DTG readers around the world. (Ask about our writer guidelines for ideas.) Contact us. Submit Article
#190 February, 2007
You've heard it before: "If they're intent on breaking in, they're going to break in. You can't stop a good criminal."
With browsers, web sites and financial institutions becoming more and more anti-phishing savvy, organized online crime also raises the bar.
For the first time, phishing attacks have outnumbered e-mails infected with viruses and Trojan horse programs. It must be working.
Phishing is getting much more sophisticated, as illustrated on another eBay knock-off that hit Germany on Thursday. The email itself claims that a direct debit order could not be processed and asks users to double check their account details and enter the correct details. That's not so bad. However, clicking executes the attachment ('bill.exe') which initiates a malicious code downloaded which hides in the background while the web page displays a PDF file.
TMCnet's Raju Shanbhag, TMCnet explains about the new "Two-factor authentication"
"Two-factor authentication involves the user entering pseudorandomly generated codes and a password. This method of authentication was developed after hackers used keyloggers to get the password and broke into the accounts. This pseudorandomly generated code can be used only once."
But just about as fast as the banks can protect themselves, online crime and terrorists program around it...
Raju continues...
"The hackers have found a new workaround for this authentication tool. The man-in-the-middle attack hijacks a user session and users are lured into visiting a spoofed portal. This portal is hosted on a compromised machine and once the information is entered, such bank details and codes are relayed to the to the real bank site. Once the users have validated their identity on the real system by way of the compromised relay, hackers take over the session."
Most people think it can't happen here, but it's getting harder and harder to tell the difference between the good and the evil...
Raju continues...
"To make the phishing e-mails more believable, they are becoming more personalized. While earlier attackers just sent phishing e-mails to a randomly selected list, nowadays these messages contain details about the banks, which the receiver actually uses. Also, many phishing Web sites are now using Flash content rather than HTML to escape anti-phishing technology deployed in modern Web browsers."
Read: Hackers' Favorite Phishing: spam version, or print version.
Here's an excellent PodCast from CNet: Joris Evers and CNET's Robert Vamosi give their take in this week's Security Bites podcast : Phishing overtakes viruses, Trojan horses
(Listen to the PodCast MP3)
Fortunately the implementation and deployment of IPv6 will cure all this. But when it's become standard, I have a gut feeling that organized online crime will break that too.
Thanks for reading...
Editor: DTG Magazine and 60-Second Windows contact me!
Please take advantage of everything we have to offer. It will only help you in your daily activities. Please also take advantage of all the opportunities that exist in the online community. Ask questions, offer feedback, and contribute your ideas and opinions. We're here for you, and we're all here for each other.
* Back to 60-Second Window
* The Design & Publishing Center
* DT&G Online Magazine
Would you like to carry the 60-Second Windows column in your newsletter or web site? Ask us about our syndication program... join hundreds of others who now publish 60-Second Windows!
60-Second Windows is wholly owned by the Design & Publishing Center, part of Showker Graphic Arts & Design, Harrisonburg VA; in the Shenandoah Valley of Virginia -- Copyright: 1990 through present, All Rights Reserved.