Phishing websites explode across the Web

Do you think the new integrated phishing filter inside IE7 and Firefox 2 browsers will protect your personal data? Think again.

The number of websites launched to mine data and to phish skyrocketed last year, while the number of phishing victims nearly doubled. In November 2006, the US Anti-Phishing Foundation discovered 37,500 new websites, up 709% from the 4,630 sites of the same period the previous year.

Last October, both Mozilla and Microsoft released their latest browser versions, which can blacklist phishing websites and then use that list to prevent users from reaching those addresses.

In response, the phishers immediately flooded the Internet with countless new phishing websites, so fast that the filters can hardly keep their lists up to date or remove the sites.

Phishers "spawn" new websites with alarming ease, and together with a series of new phishing tactics this has unsettled the security community. Some even bitterly admit that the phishers are the ones with the upper hand in this war.

"At some stage, technology that relies too much on blacklists will become useless," said Zulfikar Ramzan, senior expert at Symantec Security Response Group.

Phishing as easy as unwrapping candy

[Image source: SecurityLabs]

Last month, "phishing" toolkits (which let criminals create highly convincing look-alike websites) began to be advertised and sold widely on "black market" websites.

Fake sites copy the images and design layout of real websites, usually those of banks or financial institutions. When the user logs in, information such as the account name and password is passed on to the real website so that the login proceeds normally. Users are unaware that copies of their sensitive data have fallen into the hands of phishers.

Along with the data flowing into criminals' hands come huge profits. Research firm Gartner estimates that as many as 3.5 million Americans carelessly disclosed confidential information to scammers in 2006.

That is a jump of 86% compared to 2005, and the economic losses they bore amounted to as much as 2.8 billion USD. One phishing gang, known as Rock Phish, even earned more than $100 million.

According to security experts, Rock Phish is the culprit behind a series of new techniques that have contributed to the explosion of phishing websites. Image spam (slipping spam past filters by embedding images in the email content) is also a product of Rock Phish.

They even predict that one day Rock Phish alone will account for more than half of the world's phishing websites.

The headache of finding solutions

Active scanning technology is one direction that many are considering. Instead of relying on a blacklist of known phishing websites, the technology analyzes the specific behavior of any website, looking for techniques and tactics that phishers often use. According to Microsoft, IE7 uses this technology.

In addition, the security community has noted the emergence of a new site authentication standard called EV SSL (Extended Validation SSL). To get this "seal of confirmation", a website must undergo an inspection by an intermediary company such as VeriSign or Entrust to ensure that it at least looks legitimate.

Once a site has "passed" the test, the browser address bar turns green when it is visited. Microsoft supports EV SSL in the IE7 browser, and many large e-commerce sites such as PayPal have just begun to adopt the standard.

However, don't celebrate yet. The tremendous rise in phishing websites shows that phishers have plenty of tricks to bypass automatic filtering tools. Most recently, they have developed a number of new techniques that threaten even security standards such as EV SSL.

The best way to protect

For now, no cure-all has been found that makes people immune to phishing. Even so, there is a simple way to protect yourself: never click a link in an email or on an intermediate website to log into your financial account.

Instead, always use your own bookmarks, or take the time to type in the full website address in the browser address bar, even if you're 100% sure that the email is legitimate.

Automated tools like Password Safe can help. However, to combat crafty phishers, the best protection you have is still... yourself.

Trong Cam