Hackers and phishers are opportunistic. They quickly take advantages of news events. In many cases that involves a disaster, natural or man-made. This time, the online crime involves the new President:
The criminals who phish are quick to switch methodology. When one tactic is not productive enough, the phishers change to a new tactic. The noticeable change has been that there is less emphasis on spoofed web sites. There are new methodologies:
The twitter network is buzzing about the possibility that Twitterank is a phishing scheme. The creator of Twitterank, Ryo Chijiiwa, offers an explanation:
When is a patch really a patch? The patch for the internet security issue identified by Dan Kaminsky is flawed:
“SAN FRANCISCO — Faced with the discovery of a serious flaw in the Internet’s workings, computer network administrators around the world have been rushing to fix their systems with a cobbled-together patch. Now it appears that the patch has some gaping holes.
On Friday, a Russian physicist demonstrated that the emergency fix to the basic Internet address system, known as the Domain Name System, is vulnerable and will almost certainly be exploited by criminals.”
link: Patch for Web Security Hole Has Leaks of Its Own
This seems like an open challenge for phishing schemes to exploit this flaw. The crux of this problem is rather daunting. Basically, the system is not design to protect and verify identity.
Catherine Forsythe
Hackers are quick to identify a weakness and follow where the most money can be made. It seems that hackers have identified small and medium enterprises (SMEs) as a prime target:
“More than 200,000 British businesses have already fallen victim to identity theft and thousands more could be at risk, according to a survey of 200 SMEs carried out on behalf of Close Invoice Finance, part of the Close Brothers merchant banking group.
The findings appear to show that organised criminals are now turning their attention from the well-documented personal identity theft to the corporate market, with small and medium sized businesses top of their hit list…”
link: Thousands of SMEs risk identity theft
These enterprises do not have the staff nor the budget to dedicate to what is required in terms of security. The advantage is to the hackers. Furthermore, phishing attempts directed at individuals have limited financial gain. It is limited by the amount of the victim’s bank account. An identity theft of a business enterprise, on the other hand, can be compared to having an open check book. The ill-gotten gains with such a breach of security is limited only by the hackers’ imagination.
Catherine Forsythe
The latest version of the Opera browser is 9.5 and it is available for download:
link: Opera
This latest release includes phishing protection. This browser is suitable for Mac, Windows and Linux. Opera claims that this is the fastest browser available.
Catherine Forsythe
American Airlines has issued a security warning against a phishing attack:
“American Airlines has warned members of its AAdvantage frequent flier program of a pfishing (sic) scheme that uses a bogus AAdvantage Web site to reap personal financial information, which can be used in identity theft and other financial fraud.”
link: Phishing warning issued
In these times of rapid regulation changes in the airline industry, the travel public may see this survey scheme as being a legitimate consumer poll. The hackers and phishers are clever. They are stellar at manipulation. They try to take advantage of current news issues and recent tragedies, natural or man made. This airline survey ploy is an attempt at identity theft. Don’t be fooled…
Catherine Forsythe
Director of Operations
FlyingHamster: http://flyinghamster.com/
The people who spam and phish for data must be celebrating. There is good news for Massachusetts tax payers:
“The Internal Revenue Service is putting out an all-points bulletin for Massachusetts tax payers who are collectively owed $3 million in refunds - or an average of more than $1,000 each.”
link: IRS wants to refund $3m to Mass. residents
This is ideal for the social engineering that will follow. People in Massachusetts will have seen the news item in the media. Then there is the email from the IRS. The only thing is… the IRS is not emailing you. The people phishing for your personal information are email you.
Along with this news item should be cautionary notes to the tax payers of Massachusetts.
Catherine Forsythe
Director of Operations
FlyingHamster: http://flyinghamster.com/
[tags]irs, phishing, security, spam, email, tax refund, massachusetts[/tags]
