Information Armor » phishing

The Internet

root — Thu, 27 May 2010 15:45:29 +0000

A New Phishing Attack
We were intrigued when looking at the demo of what has been dubbed ‘tabnabbing’, a new type of phishing attack discovered by Aza Raskin from Mozilla. Different from the more contemporary phishing attacks that generally lure victims directly to the malicious phishing page through emails and links, this attack could load a malicious phishing page in the background while the user is browsing another tab. For example, a user could be enticed to visit what is an apparently normal web page, not a phishing page. When the user’s browser is interrogated, a phishing page for a service the user has actually visited could be opened. However, this would happen in the background and a user may not notice at all and might unwittingly enter details into the malicious page. How this works is probably best explained by the proof of concept page provided by Raskin which, currently, is no longer publicly available. Another demonstration page created by Aviv Raff and based on a mockup of the Brian Krebs blog article on tabnabbing is also available (see links below).

The issue appears to affect all major browsers, though results vary between browsers and operating systems. The remediation for this issue would be to completely disable Javascript in the browser. The Raff demo is notable in that it can work against Firefox, even with the popular Noscript add-on installed. We do suggest readers familiarize themselves with this issue.
http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/
http://avivraff.com/research/phish/article.php?406707075

Wardriving and Open Wireless Networks
Stories about the number of unprotected wireless networks used to be common place but it has been some years now since WPA and then WPA2 have become prevalent. WPA2 is relatively easy to setup and provides a good level of encryption and authentication. So, we were somewhat surprised to read the results of a wardriving exercise conducted by the state police in various regional centers across Queensland, Australia. The results have led to the police estimating that some fifty percent of the wireless internet connections in Queensland of having no or minimal security settings enabled, no password, or still have the default password on their wireless device. Perhaps more disturbing is a comment from Detective Superintendent Brian Hay of the Queensland state police, “We know that the crooks are out there, scanning the environment and identifying these vulnerable networks, plotting them and then selling the information.”

Open wireless systems present many dangers and while we consider the results of the wardriving exercise would reflect largely on domestic wireless systems, these same systems may well be used by corporate employees when working from home. While we would expect most remote access systems to be encrypted or utilize a VPN for access, corporate resources or information might still be exposed. We suggest that at the business level, staff are made aware of the dangers of using open wireless systems and we urge all people who have wireless access points in their homes or businesses to verify that their systems are configured to operate in a secure manner.
http://www.couriermail.com.au/news/technology/half-of-wireless-networks-unsecured-in-queensland/story-e6frep1o-1225870268562

Anti-Phishing Procedure for Email

root — Tue, 16 Feb 2010 16:16:55 +0000

I saw something like this on the Internet and I do want to give credit to where credit is due, but I cannot remember where I found this. We have recreated it for businesses.

Please see the following flowchart for procedures on anti-phishing for email.

Some News

root — Mon, 11 Jan 2010 15:47:24 +0000

Security Risks at Fake ATM Machines
Fake ATM machines are not new, but awareness of them is. Have you ever gone into a locally owned gas station that has a small ATM sitting in the corner near the chocolate bars? Not all of them are real. They read card information, allow the person to enter their PIN, display a dummy message saying that the transaction cannot be completed at this time. All the while, it’s harvesting all the cards information to be used at a later time. Some fake ATM machines even have a camera to capture a photo to associate with the card information. We need to pass this information along among ourselves, our families, our friends and our customers. Captured information can be used to recreate a complete identity along with a bank account with funds in it.

Some good news … Albert Gonzalez, the Miami man who stole and resold 170 million cards and ATM numbers, has pleaded guilty and is awaiting sentencing in March.

Increases in Phishing Attacks
Identity theft is expected to increase again this year. With the bad economy in 2009 came a huge reduction in the workforce. Many of those who were unemployed invested in starting online businesses to make ends meet. These unskilled “webmasters” may have great ideas, but many are uneducated in privacy and security leaving identifiable information out there for criminal minds with access to the Internet. Names, addresses, phone numbers, notes on prospective clients all are jumping off points for spear phishing attacks.

There were many phishing attacks against financial institutions in 2009, about a 600-percent increase over phishing attacks in 2008. Spear phishing is becoming more popular as hackers target businesses where an attacker can access business accounts and initiate money transfers via wires or ACH to steal large sums of money at once or over time.