Posts tagged with “access control”

Protection against Phishing

Friday, 5 December, 2008

phishing2

PHISHING is a social engineering technique, which means to trick someone into believing something but different to what it really means, with a full purpose of obtaining personal information, credit card information and credentials.

The word phishing has been around since 1996. It was originally coined by hackers who started stealing AOL passwords by posing as a staff member and sending email messages to victims asking them their account information to verify their billing information and other information about their AOL accounts. The attacker lure, or fish the victims. This is when the word phishing began.

Although this social engineering technique had been around since the ’90’s it did not hit its popularity until the mid-2003. Phishing attackers, also called phishers creates very convincing emails requesting victims to click on links to update their account information. These emails and the redirecting website looks very closely similar to the actual website. Too convincing enough, a typical user would not spot the differences.

Some of the few tricks that these phishers would manipulate is to ask you to click on the link inside the email with a link almost the same as the actual website. For example, if you have an account with Bank of Alaska and their website is bankofalaska.com, they would create a site something like backofalaska.com. Or they would place @ symbol like bankofalaska.com@oursite.com. Before the @ sign would be the username following the http protocol. The actual website is oursite.com, which is a bad site. Depending on the way the site is written, the username can be ignored if it is not required.

Read the rest of this entry »