Computer Crime Research Center


Online fraud: 'phishing' trips on Internet on the rise

Date: September 26, 2004

According to New Scientist, 'phishing' involves duping a web user into handing over financial details or passwords for an online bank or e-commerce store, enabling the user's account to be raided.

Swindlers often send out fake administrative emails designed to lure people to a website that resembles an authentic bank's site and has only a slightly different web address, where they are asked to provide account information.

However, the majority of flaws discovered by NGS did not involve fake sites. Instead, NGS most frequently found configuration errors that could be used to redirect sensitive information from a legitimate web site to a fraudulent one without the user knowing.

But Gunter Ollman, professional services director at NGS, notes that these vulnerabilities can be fixed once they are detected.

"Financial organisations do spend an awful lot of money on security," he was quoted as saying.

"However, when you look at the average e-retail site, they tend to be a lot worse," he added.

Ollman also warned that phishing fraud is becoming ever more sophisticated. One of the latest tricks, for example, involves using fake banner advertisements to entice users to a fake bank site with the promise of a special promotion.

Peter Sommer, a computer crime expert at University College London, says phishing poses a huge problem for web companies. "I think it's a pervasive problem," he was quoted by the report as saying.
