Computer Crime Research Center

phishing/japan.gif

ONLINE CRIME: A Booming Business

Date: April 15, 2005
Source: SFGate.com
By: Carrie Kirby

... according to Symantec, viruses are written to spread trojans that put infected computers under the control of the virus sender.

The virus writers can then charge anywhere from $50 to $50,000 to send spam with their botnets, VeriSign's Silva said.

A wider net

In addition to getting trickier, phishers are widening their net. Smaller businesses, such as local credit unions, are being attacked in addition to big companies, said research firm TowerGroup. That's a concern because small companies don't have the resources of a Citibank or an eBay to defend themselves.

And phishing attacks are showing up on instant messenger programs, too, according to instant messenger software provider IMlogic.

In one case, a scam artist used Yahoo Messenger to lure people to a fake Web site where they were asked to provide their Yahoo user name and password. Then the attacker would have access to any information stored in the victim's profile and could pose as the victim in an instant message or an e-mail.

The best way to stay safe from phishers is to avoid giving out personal information in response to any e-mail message, experts say.

"Call the company on the telephone or log on to the Web site directly by typing in the Web address in your browser," advises the Anti-Phishing Working Group.

Some argue that financial institutions have the responsibility to come up with foolproof ways to identify themselves to customers.

But until that happens, people need to be vigilant about making sure they know whom they are communicating with.

"You wouldn't give someone who asked you on the street your credit card or Social Security number," said Matt Parrella, chief of the San Jose branch of the Northern California U.S. attorney's office.

Phishing for victims

Phishing is the fastest growing form of online fraud. Here is how the scam generally works:

1. The crook sends you an e-mail that pretends to be from eBay, your bank or some other business.

2. The e-mail asks you to click on a link that leads to a Web site that looks legitimate but is bogus. Some of these e-mails and Web sites are indistinguishable from the real ones.

3. On the site, the unsuspecting consumer is lured into entering private information, such as a user name and password, credit card number or Social Security number.

4. The crook takes that information and uses it to commit fraud.

Don't fall for the bait: How you can thwart phishers

Here are some tips on how to stay out of the phishers' net:

- A legitimate e-mail from the bank or another company where you have an account will generally include your name. Dear customer" is a red flag.

- Don't e-mail personal or financial information. Legitimate firms don't ask for this information by e-mail.

- Don't follow a link in an e-mail to the company's Web site. Open a browser window and type in the company's address instead. If you're suspicious, call customer service.

- Regularly check your statements from bank and credit accounts for fraudulent transactions. Financial institutions will generally reimburse you if you were the victim of fraud.

- Avoid accessing online banking at a public Internet terminal, such as in a library. A thief may have installed software to capture the information of anyone who uses it.

- Check an e-mail's digital signature to ensure that it is authentic. The Anti-Phishing Working Group explains how at www.antiphishing.org/smim-dig-sig.

- Forward phishing e-mails to spam@uce.gov. If you believe you've been scammed, file your complaint at www.ftc.gov, then visit the FTC's Identity Theft Web site at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft. Or call the FTC at (877) 382-4357.

Top phished firms

Here are the companies that phishers used the most in their scams in March:

EBay

Washington Mutual

PayPal

Charter One Bank

KeyBank

Bank of the West

International Bank of Asia

Huntington Bank

Bank of Oklahoma

North Fork Bank

The Chronicle
Original article



Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-02-26 07:44:29 - The information I found here was rather... uomo
2007-02-22 16:02:38 - Nice site you have!... dizionario
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo