
Phishing On The Rise, Beware Of Fake Notifications


By Tarun Wig

While the world’s best teams are finishing their last minute preparations to clash with their arch rivals on the green soccer fields of the FIFA World Cup, another deadly war is raging in cyber space between cyber criminals and information security experts.

Brazil, the host of the FIFA World Cup 2014, is also home to the most notorious and lethal gangs of hackers. “With a population of approximately 201 million in 2013, Brazil is the world’s fifth most populous country and has one of the largest cyber criminals communities,” reports Business World. Not surprisingly, hackers are sharpening their arsenal to attack World Cup-related websites and the thousands of users who will be using those websites during the tournament.

A May 30 report by Reuters quoting a hacker who “operates under the alias of Che Commodore” from Sao Paulo, Brazil, said, “The hacker group Anonymous is preparing a cyber-attack on corporate sponsors of the World Cup in Brazil to protest the lavish spending on the soccer games in a country struggling to provide basic services.”

The report quoted this hacker as saying in a Skype conversation from an undisclosed location in Brazil, “We have already conducted late-night tests to see which of the sites are more vulnerable. We have a plan of attack.”

The Reuters report further said that the hacker had mentioned World Cup sponsors including Adidas, Emirates airline, the Cola Co and Budweiser, which is owned by Anheuser-Busch InBev, as potential targets.

Distributed Denial of Service, or DDoS, is defined as a type of Denial of Service (DoS) attack where multiple compromised systems, which are usually infected with a Trojan, are used to target a single system. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

In a DDoS attack, the victim faces a traffic onslaught simultaneously from multiple sources, which could run into hundreds of thousands of points of origin. This makes it virtually impossible for security systems to stop the attack by blocking IP addresses, because legitimate inbound traffic cannot be separated from attack traffic, and as a result the host servers get jammed.

In the last week of May 2014, the notorious hacker group Anonymous attacked the computer networks of Brazil’s Foreign Ministry and leaked dozens of confidential emails. The Reuters report further said that a hacker known as Anon Manifest used a phishing attack to breach the Foreign Ministry’s databases, which forced over 3,000 account users to change their passwords.

These lethal phishing attacks have again brought to the fore the vulnerability of confidential and classified information databases. Although hackers are labeling these threatened attacks on World Cup websites as a “protest” against the monumental expenditures incurred in hosting the tournament, hacking or phishing is undoubtedly an intensely damaging violation of personal and critical information of thousands and thousands of users.

Banks, e-pay systems, e-auctions and, more generally, any sites that store personal data giving access to money are major targets for phishers. You may receive innocuous-looking messages or notifications from banks, providers, e-pay systems and other organizations asking you to urgently enter or update your personal information for some reason or other, such as loss of data, lucrative offers, system requirements, and so on. These fake notifications typically entice the user to click on a “click here to update your account” link, followed by thinly cloaked threats such as “else your account will be blocked”. The moment the unsuspecting user reaches the phishing site, which is a thinly disguised copy of the site of some credible organization, and enters the requested details, the phishers get access to the user’s email account or bank details. They can then drain the money in no time or sell the crucial data to other scammers.

Things you must remember when you receive such potentially malicious notifications:

1. Phishing URLs often closely resemble the genuine URL of a legitimate company. Before clicking on any such link, check whether the address shown in the browser's address bar is in fact different from that of the legitimate site.

2. The URL can be a combination of some words prefixed to a genuine-looking website address, or use a mix of dots in place of the legitimate slashes. Do not click on any such link.

3. Banks and financial institutions never send forms embedded in emails that ask you to fill in your personal data within the email body itself. Never heed such requests.
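The checks in items 1 and 2 can be automated on the defender's side, for example in a mail filter. The sketch below is an added example, not part of the original article; the function names are hypothetical and the domains are constructed, using the reserved `.example` and `.test` TLDs.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites the user really does business with.
TRUSTED = ("mybank.example", "epay.example")


def host_of(url):
    """Return the lowercase hostname the browser would actually connect to."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(host):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def classify(url):
    """Label a link as trusted, a lookalike of a trusted site, or unknown."""
    host = host_of(url)
    if not host:
        return "invalid"
    if is_trusted(host):
        return "trusted"
    # Item 2: the genuine address is used as a prefix of a foreign domain,
    # with dots where the legitimate URL would have slashes.
    for d in TRUSTED:
        if host.startswith(d + ".") or "." + d + "." in host:
            return "prefix-lookalike"
    # Item 1 and 2: extra words wrapped around the brand name in a
    # domain that is not on the allowlist.
    for d in TRUSTED:
        if d.split(".")[0] in host:
            return "brand-lookalike"
    return "unknown"


# Constructed sample links, as they might appear in a notification email.
SAMPLES = [
    "https://www.mybank.example/login",
    "http://mybank.example.login.update.test/",
    "https://secure-mybank-update.test/account",
    "https://news.test/worldcup",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):18} {link}")
```

The comparison is made on the parsed hostname rather than on the link text, because the host that actually receives the connection is what decides where the credentials go.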

With hackers growing in strength, choosing a strong password is no longer enough as a security measure. The most reliable security system currently is multi-factor authentication. Almost all victims of security breaches, including Microsoft, Facebook, Twitter, Adobe and others, have recommended two-factor authentication (2FA).

2FA is based on something the user knows (username and password) and something the user physically possesses, such as a mobile token, hard token, soft token or USB token.

Other effective technologies such as one-click authentication, PKI USB tokens and no-network two-factor authentication have also been introduced in India recently.

Tarun Wig is a Technology Evangelist. He is part of the core team of Authshield Labs and has been actively involved in research on information security vulnerabilities. His expertise lies in innovating latest technologies to protect users and organizations from hacking attacks. Apart from consulting multiple organizations, he is also an active participant in Indian Infosec Consortium, the largest group of security professionals in India.

Article Source: [,-Beware-Of-Fake-Notifications&id=8560724] Phishing On The Rise, Beware Of Fake Notifications
