Introduction to new phishing techniques - gHacks Tech News

Introduction to new phishing techniques

Many Internet users are still unaware of the dangers of phishing, a technique to steal credentials, financial data and other sensitive information from unsuspecting Internet users. Some may know about first generation phishing attempts and that they should not trust emails that they receive in their inbox, and that they certainly should not open any attachments or click on links if they suspect illegitimate emails.

Still, there are many more who do not know even that and fall pray to phishing attacks that steal data or plant malicious software on their systems.

Anti-Phishing toolbars and implementations in major browsers or on a system-wide level are useful but can, as you will see, give you a false sense of security. This can be attributed to the fact that databases that contain the information are not updated in real time. Someone has to report a phishing website before it will be added to the database, it would be more than difficult to create an automatic solution for the problem. While there are attempts to do just that, those solutions are not 100% accurate either.

A second issue are new techniques used by hackers that are not detected by ant-phishing toolbars and programs.

Flash Phishing

Anti-Phishing toolbars do check the page contents for signs of phishing and also addresses, but do not analyze flash objects at all. Hackers know this and tend to use this to their advantage by using flash to emulate the original website. Users may believe that a website is "clean" because their anti-phishing toolbar does not warn them if they visit it.

It is however relatively easy to find out if the current website is fake.

  1. You need to take a look at the url in the address bar. If it is not the original address leave it immediately.
  2. Check if it is using https instead of http. If it is using http leave the site immediately.
  3. If it is using https check the certificate.
  4. If the site is only using flash leave it.
  5. Never follow links in emails (unless you know the person)
  6. Never follow links in chats (unless you know the person)

You should immediately contact the supposed owner of the website and ask for advice.

Social Phishing

Phishers use other means of getting sensitive data from users. We all know that we should contact the company if we have doubts about a website. What if you would receive a mail from your bank asking you to call them back because there was a security breach? Would you call them back?

What if the number was redirecting you to someone in China speaking fluent English? Would you give the person information when asked about personally identifiable information for identification purposes? Sir, we need to make sure that you are indeed our customer. Could you please supply your credit card information so that I can verify your identity?

This is not a huge market yet but it will grow over time.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.