Do as I Say, Not as I Do 

Mar 03, 2008 03:00 AM

While there are various ways for attackers to trick users into disclosing their authentication credentials, phishing remains one of the most popular. Our spam traps caught a series of emails purporting to be from a disgruntled eBay user demanding an answer regarding a recent transaction. The emails contain a number of hyperlinks to the product in question which, when clicked, result in a browser-based FTP transaction to a remote host that displays a carbon copy of the legitimate eBay login page.

What caught my attention was the inclusion of one of eBay's security tips within the fraudulent copy, instructing users to "Check that the Web address in your browser starts with https://signin.ebay.com". One only needs to follow this advice to see that the page they are on is indeed suspicious:



Why on earth would an attacker inform potential victims of a way in which to invalidate his own malicious scheme? Is the attacker just inexperienced and didn't run a careful eye over his creation? There is a good possibility that this is exactly the case. But more importantly, will this have any effect on the success of this attack? I'd say probably not.

A regular Internet user will, in time, become less security conscious as they become more familiar with the sites they frequent. While they subconsciously check a site's validity against their memory of it, only significant changes are likely to be recognized immediately. Changes to the URL, or to parts of the page that are farther away from the focus area (which is the login form in this case), are often not rechecked. Phishers know this, and rely on their victims to speedily log in without visually verifying the most important security indicators, such as the URL.

It is highly unlikely that users will scrutinize each and every site they traverse for indications of phishing; however, incorporating a quick visual inspection of the URL when accessing banking, trading, auction, retail or any other services that deal with sensitive personal information will foil a high number of these attacks. A few seconds could save you a big headache.
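The eBay tip quoted above ("starts with https://signin.ebay.com") is fine as a visual habit, but anyone turning it into an automated check (a browser extension, a mail-gateway link filter, a user-awareness tool) should compare the parsed scheme and the exact hostname rather than a string prefix. The following is an added example, not code from the original post or from eBay; the sample addresses are constructed for illustration and the IP address is a documentation-range placeholder. It shows the literal prefix test beside a parsed-origin test and where the two disagree, including the FTP-hosted copy the post describes.

```python
from urllib.parse import urlsplit

EXPECTED_SCHEME = "https"
EXPECTED_HOST = "signin.ebay.com"  # the host named in the eBay tip quoted in the post


def naive_prefix_check(url: str) -> bool:
    """The tip taken literally: does the address start with https://signin.ebay.com?"""
    return url.startswith(f"{EXPECTED_SCHEME}://{EXPECTED_HOST}")


def origin_check(url: str, expected_host: str = EXPECTED_HOST) -> bool:
    """Compare the parsed scheme and the exact, lower-cased hostname.

    urlsplit().hostname strips any user-info and port and lower-cases the
    name, so neither case differences nor a longer look-alike domain that
    merely *starts* with the expected host will pass.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != EXPECTED_SCHEME:
        return False
    return parts.hostname == expected_host


# Constructed sample addresses (not taken from the post); 198.51.100.7 is a
# documentation placeholder standing in for "a remote host".
SAMPLES = [
    "https://signin.ebay.com/ws/login",              # genuine login origin
    "https://SIGNIN.EBAY.COM/login",                 # same origin, different case
    "http://signin.ebay.com/login",                  # wrong scheme
    "ftp://198.51.100.7/ebay/signin.html",           # FTP-served copy as in the post
    "https://signin.ebay.com.example.net/login",     # look-alike: prefix matches, host does not
    "https://signin.ebay.com@198.51.100.7/login",    # user-info before the real host
]


def evaluate(urls=SAMPLES):
    """Return {url: (naive_result, origin_result)} for each sample."""
    return {u: (naive_prefix_check(u), origin_check(u)) for u in urls}


def disagreements(urls=SAMPLES):
    """URLs where the literal prefix test and the parsed-origin test differ."""
    return sorted(u for u, (naive, parsed) in evaluate(urls).items() if naive != parsed)


if __name__ == "__main__":
    for url, (naive, parsed) in evaluate().items():
        print(f"{'prefix' if naive else '      '} {'origin' if parsed else '      '}  {url}")
```

Running the block prints one row per sample; the last two samples are accepted by the prefix test but rejected by the origin test, while the upper-cased genuine address is rejected by the prefix test only. The FTP copy fails both, which is why the post's attacker gained nothing by including the tip: a reader who actually looks at the address bar sees a scheme and host that match nothing eBay publishes.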

We need to be aware every time we log in - the attackers only need us to slip up once.
