Beware of Phishing and Pharming | Complete Security Software

Data spies have discovered the Internet as a platform for their activities. Originally used as a term for the theft of personal data over the phone, "phishing" is now almost a synonym for any kind of data theft by email, even if new variants such as "pharming" are constantly being added.

Phishing and Pharming

Not only has the volume of attacks increased, but so has the criminal energy behind them. Phishing is now increasingly practiced systematically by organized gangs. The typical procedure: First, copies of existing websites of respected companies and brands are made, from financial service providers and banks to web auction houses and online travel agencies. Hundreds of thousands of emails, intended to lure the recipient to the fake website, are then sent via similarly professionally organized mass distribution channels.

Professionals at Work

The hope: Some of these emails will reach customers or potentially interested parties of these companies. If the attack is successful, the bona fide customers then reveal their personal data, passwords, or credit card details, for example when ordering fictitious goods. As with spam, even a very low success rate of one or two percent is sufficient to make the effort worthwhile for the phishers; after all, there are practically no costs for mass mailing. In fact, the number of hits is usually significantly higher: The Anti-Phishing Working Group (APWG), set up as a counter-offensive by industry and trade, estimates the success rate of phishing attacks at five percent.

The direct losses for banks or credit institutions are now running into billions. Since the legal position between the injured party and the company is unclear, the end customers bear the greater damage themselves. Gartner estimates this at 50 billion euros.

Not Just Banks Affected

The financial services market is most frequently hit by data phishers: over the past 18 months, many large banks around the world have been affected by phishing incidents. In Germany, Postbank was again the target of a phishing attack recently.

The latest target groups for phishing attacks are users of payment services such as PayPal and e-commerce platforms such as eBay. A fake page for ordering airline tickets online also recently appeared. Every commercial organization that conducts customer transactions over the Internet represents a potential target. The consequences for the companies concerned range from customer uncertainty and reputational damage to loss of productivity and legal disputes.

The technology used by crooks is becoming increasingly sophisticated. The often perfectly falsified company letters are difficult to distinguish from legitimate electronic correspondence in the daily flood of information. Just a few years ago, the technical effort involved in fraudulent emails was minimal. The online spies relied on simply structured messages and unrealistic business offers to capture customers and data. Only a few attempts were made to laboriously clone customer portals. In the meantime, however, phishers have taken control of networks of broadband-connected PCs and use them as "botnets" to host the fake websites. This hides the real identity of the websites for longer.

The use of a distributed network of hijacked computers also makes it possible to carry out large-scale phishing attacks with mass distribution. The tactics have changed as well. So far, recipients have been persuaded to click a link in the phishing email that leads to the impersonated website. Lately, new techniques have come into play that are less dependent on user involvement.

Proceed More and More Aggressively

Phishers use mass emails to spread Trojans, worms, and spyware programs that exploit security holes in the operating system and lodge themselves on hard drives. There, the invisible spies record key sequences, accessed Internet addresses or passwords. This data is then sent to hidden data centers for "further processing".

A new threat is also emerging with a technique called pharming. This is where "domain spoofing" comes into play: the Internet address of a website is forged in a clever way by manipulating the address resolution on the Internet.

The DNS (Domain Name System) servers responsible for this are manipulated using a method called "DNS cache poisoning" in such a way that the URL names no longer resolve to the real IP addresses, but rather to the IP addresses of the fraudulent web server. So if a user wants to access his online bank, he ends up on a fraudster's server.

Manipulation Through Pharming

Another pharming variant changes the hosts file, which can also convert URLs into IP addresses on Windows computers. It contains a table with the most frequently used IP addresses. If this file is overwritten, the user is automatically shown a fake page each time the desired page is selected. To do this, however, a malicious program must first reach the user's computer in order to make the changes.
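
As an added example (not part of the original article), the following Python sketch audits hosts-file content for entries that override DNS, which is the change this pharming variant relies on. The sample file, the watched domain `examplebank.test` and the function names are constructed for illustration.

```python
import ipaddress
import os

LOCAL_NAMES = {"localhost", "localhost.localdomain",  # names a default hosts
               "ip6-localhost", "ip6-loopback"}       # file maps to loopback

# Constructed sample, not taken from a real machine.
SAMPLE = """\
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.net
203.0.113.45   www.examplebank.test examplebank.test
192.168.1.10   fileserver.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, watched=()):
    """Return (line_no, hostname, ip, severity) for entries overriding DNS."""
    watched = {w.lower() for w in watched}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            severity = "info"      # sinkhole entry, blocks rather than redirects
        elif any(name == w or name.endswith("." + w) for w in watched):
            severity = "high"      # watched domain redirected to another server
        else:
            severity = "review"    # override that someone should be able to explain
        findings.append((line_no, name, str(ip), severity))
    return findings

if __name__ == "__main__":
    path = r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read(), watched=["examplebank.test"]):
            print(finding)
```

Run on a schedule and compared against a known-good baseline, any new "high" or "review" finding indicates that the file was changed and should be investigated.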

Technical solutions filter out more than 90 percent of all dangers in advance. However, if employees behave negligently when handling electronic communication, anti-virus solutions or firewalls are of no help.

Companies should therefore give their employees clear rules of conduct. In order to reduce the damage of possible misuse of their own web pages, companies that are active in e-commerce have to inform their customers about the dangers of phishing. This includes guidelines from which customers can find out which information the retailer will request from them and how.

Ultimately, the most important protective measure for any individual is to remain vigilant whenever new emails land in their inbox. Unsolicited email attachments should generally not be opened as they are often contaminated with malware. Phishing emails can often be recognized by their linguistic deficiencies and format errors. Most also contain a URL, and the subject lines relate in some way to the personal account.

In addition to these measures, techniques for detecting and countering suspicious activity are essential. The most effective approach is proactive monitoring at the Internet gateway level. Only at this point, at which all e-mail traffic is filtered, is it possible to analyze unusual traffic patterns, suspicious e-mail origins, possible security gaps, and new malicious program code. In this way, companies can effectively protect themselves against the constantly changing threat scenarios.

Pharming, too, can only be stopped with proactive security systems that recognize and prevent changes to the IP address. Therefore, a security solution with reactive and proactive protection systems such as complete security software is recommended.

Countermeasures Possible

Operating systems and applications must also be regularly provided with the latest updates and patches so that no weak points can be exploited. Companies that do not release internal resources for this task, but still do not want to let the danger penetrate their own network in the first place, should consider commissioning an external provider of managed e-mail security services.
