HostingGreen web hosting packages
TutorialsBeginners guides to SEO & hosting
WIGHT HAT BLOG
Adam Provis, January 17, 2012
I will also be victim to a phishing attack shortly afterwards!
For those of you not familiar with the term “Phishing”, it is when people obtain information from you by disguising why you should give them the information. This information can then be used for identity theft, security access (for example to your bank account) or by marketing companies. The term originates from the phonemic equivalent “fishing” replacing ‘f’ for ‘ph’ to follow terms such as “phreaking”.
These have been around for some time. A common phishing attack was to have a screen that looked like your normal login screen (for your computer, bank or anything else that you might enter a password into) and send people to it. The unsuspecting user would enter their details as they normally do. After this the “fake” page would record these details and then show some sort of “password incorrect” error and ask you to log in again- this time to the genuine screen so that you gain access and think nothing more of it. The attacker has now got you username and password details on record.
To combat this, banks typically ask further questions once you are logged in such as your mother’s maiden name, your first pet, your date of birth etc. To get this information you need only do another phishing attack but this time dress it up as a game. Most people have been asked what your porn star name is (your first pet followed by your mother’s maiden name), your star wars name (the first car that you drove followed by something or other) and these, whilst they seem like harmless fun can be further phishing attacks. It is a case of “how can I get someone to tell me this information without arousing suspicion?”.
The latest one is targeted at women. You post on Facebook that you are going to a city (which corresponds to your month of birth) for X months (which corresponds to your date of birth). Coupled with your age (which is already on your Facebook profile) and you have the person’s date of birth. A clever twist of this is that most geeks out there (that are generally more aware of these scams) are men and so by making part of the game not to tell men reduces the general suspicion level.
Be afraid- Nigerians may have your bank account in their sights.
Adam Provis, June 9, 2011
Courtesy of XKCD
Adam Provis, May 26, 2011
The chances are that you’re losing visitors to your website- but don’t worry, you can fix this pretty easily and maybe even steal visitors from your competitors! When people link to your website from another website, blog or news article they sometimes make mistakes. If is very easy to put the wrong URL into a [...]