|
| Â Â |
| Â | Glenbrook ActionMap: Phishing |
 | | Phishing has emerged as the latest threat to the theft of personal information over the Internet. | | | This Glenbrook ActionMap(SM) briefing for financial institutions examines the phishing threat, provides brief technology background on how fraudsters are successfully perpetrating phishing frauds, and recommends an ActionMap for institutions to consider for responding effectively to these threats. |
|
http://www.glenbrook.com/opinions/phishing.htm
|
|
| Â Â |
| Â | Creating stronger passwords |
| | Just as you make a date with your computer to run updates, backup software, and clean out old programs, you should also regularly change passwords. | | | You can continue to improve your computer's security by keeping your software up to date and using a firewall. | | | Identity theft can happen if someone steals your password, but there are other ways for hackers to break into your computer. |
|
http://www.microsoft.com/security/articles/password.asp
|
|
| Â Â |
| Â | security.itworld.com - Experts: Phishing should be on enterprise radars |
| | Phishing attacks may be coming from your computer | | | Companies should have data classification policies so employees know what information is most critical to corporate success, he said. | | | Once hackers "have one piece of information, (it) can open a lot of doors," Hunt said. |
|
http://security.itworld.com/4337/040729phishing/page_1.html
|
|
| Â Â |
| Â | Postcards from the Digital Age - Don't Get Caught When the Bad Guys Go Phishing |
| | Phishing began on AOL in the mid nineties. | | | The technology is a moving target and unless technology is your business, you simply won't be able to keep up. | | | Tip number 2 - Forget everything you've read about how to check the message headers or the Web link to determine if what you've got is a phishing message. |
|
http://www.bockinfo.com/040419postcard.htm
|
|
| Â Â |
| Â | Tips for Avoiding Computer Crime |
| | If other people have access to your computer when your machine is running and you are away from your desk, you should install screen saver software that requires a password to return to the operating system or applications software. | | | The only connection between phishing and computers is that modern phishing uses e-mail and a bogus website to get a gullible person to disclose personal financial information to criminals. | | | However, unlike changing online account passwords, there is no easy way to destroy the value of confidential data in files on a stolen computer. |
|
http://www.rbs2.com/cvict.htm
|
|
| Â Â |
| Â | Phishing: Spam that can’t be ignored - TechUpdate - ZDNet |
| | Phishing: Spam that can’t be ignored - TechUpdate - ZDNet | | | The members share intelligence and ideas on how to deal with the problem. | | | “On the technology front, since phishing is spam, the same tools to combat spam such as Web and e-mail filtering are one approach," Jevans said. |
|
http://www.techupdate.com/techupdate/stories/main/Phishing_Spam_that_cant_be_ignored.html
|
|
| Â Â |
| Â | Be Aware of Phishing Scams! - UGN |
| | Since most of the phishing emails come through spam, get a spam filter and install on your computer. | | | The latest generation of phishing scammers uses several methods to trick users, including pop-up graphics to mast the true web URL of the phishing site and the installation of Spywares and Trojans on victim's computer. | | | The scammers also started to use more sophisticated technologies in recent months. |
|
http://www.user-groups.net/articles/phishing_kabir.html
|
|
| Â Â |
| Â | About Social Engineering and Phishing |
| | Why is social engineering important to you and me? Well, no matter how strong your firewall is, no matter how often you update your antivirus program, if a computer cracker can trick you into giving him your password or credit card number, all your time-consuming and expensive computer security precautions will be for naught. | | | More than 70% of people would reveal their computer password in exchange for a bar of chocolate, a survey has found. | | | One thing I HAVEN'T talked about, however, is something called "social engineering" which is just a fancy way of saying "tricking you into giving a computer cracker the information he needs to break into your computer or steal your identity." |
|
http://www.netsquirrel.com/articles/socialengineering.html
|
|
| Â Â |
| Â | Definition of Phishing |
| | In computing, phishing, short for password harvesting fishing, is the luring of sensitive information, such as | | | Trust Management for Humans ( http://www.waterken.com/dev/YURL/Name/) Explains the design flaw in the WWW that enables phishing and provides a simple solution to the problem | | | passwords and other personal information, from a victim by masquerading as someone trustworthy with a real need for such information. |
|
http://www.wordiq.com/definition/Phishing
|
|
| Â Â |
| Â | Digipass Strong User Authentication Is The Answer To Phishing Schemes |
| | Phishing schemes can only succeed if the information the fraudster wants to obtain, is static (user id’s, PIN codes, credit card information). | | | VASCO’s Digipass Strong User Authentication Products are a solution to avoid phishing schemes to be successful. | | | Digipass Strong User Authentication Is The Answer To Phishing Schemes |
|
http://www.tmcnet.com/usubmit/2004/Jan/1023026.htm
|
|
| Â Â |
| Â | Microsoft plugs phishing hole - Topic Powered by Infopop |
| | The final fix patches a flaw where DHTML links could be used to allow an attacker to save a file on the user's computer (but it would not be executed). | | | One important thing to note with this update, the fix for the phishing exploit changes the functionality of the Basic Authentication feature in Internet Explorer. | | | The following URL syntax is no longer supported in Internet Explorer or Windows Explorer after you install this software update: |
|
http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=174096756&m=436003320821&r=436003320821
|
|
| Â Â |
| Â | InformationWeek > Phishing > SmartAdvice: Customer Education Key Part Of Anti-Phishing Protection > August 2, ... |
| | Given how easy it is to compromise a user's security simply by posing as a trustworthy company and requesting sensitive information, this raises concerns about the level of trust that users will place on the Internet going forward. | | | The feature answers three questions of core interest to you, ranging from career advice to enterprise strategies to how to deal with vendors. | | | What can we do to protect our customers from phishing scams masquerading as our Web site? |
|
http://www.informationweek.com/showArticle.jhtml?articleID=26100712
|
|
| Â Â |
| Â | Paypal - Billing Issues - Spoof Email Phishing Scam |
| | This is processed through PHP script, but discerning users should notice that the URL of the bogus page in no way matches any genuine Paypal web page. | | | Stay informed of the latest Spoof Email Phishing Scams with either of our | | | Latest browser bug aids Phishing Scams - beware! |
|
http://www.millersmiles.co.uk/identitytheft/030704-paypal-1.php
|
|
| Â Â |
| Â | Phishing |
| | I won't accept any blame for anything you do with any of the information or files in this section. | | | That said, Phishing can be done many different ways...the best (in my opinion) way is using PWS, that is Password Stealers. |
|
http://rpgprogz.tripod.com/phishing.htm
|
|
| Â Â |
| Â | Hackers resorting to password theft - silicon.com |
| | Hackers are increasingly resorting to social engineering techniques to obtain confidential passwords as businesses become better at locking down and patching their computer networks. | | | Lets face it, most people who use computers are in... | | | No other way in as users get better at security... |
|
http://www.silicon.com/software/security/0,39024655,39116551,00.htm
|
|
| Â Â |
| Â | Foiling Phishing - CSO Magazine - October 2004 |
| | While early phishing attempts were crude, with telltale misspellings and poor grammar, phishing e-mails have become remarkably sophisticated in recent months, sending recipients to fake sites that are replicas of the sites they're spoofing. | | | In this case, the data was actually on its way to a crook in Seoul. | | | One reason phishing e-mails are so convincing is that more than 95 percent of them forge the "from" line so that the message looks like it's from the spoofed company. |
|
http://www.csoonline.com/read/100104/phish.html
|
|
| Â Â |
| Â | PCWorld.com - Phishers Adopt Scam Tricks From Virus Writers |
| | A phishing scam currently spreading online works without your ever having to click on a link; all that's required to activate the scam is for you to open an e-mail. | | | In this case, the scam involves a Trojan horse that combines with an ActiveX vulnerability in Windows to install itself on your machine invisibly, without warning. | | | The current phishing scam, which has been labeled JS/QHosts21-A by antivirus vendor Sophos, is an example of this kind of blended threat. |
|
http://www.pcworld.com/news/article/0,aid,118489,00.asp
|
|
| Â Â |
| Â | Simon Willison: No more usernames in URLs |
| | Viruses help spread Trojans, and Trojans are used to turn unsuspecting users' computers into spam factories, or hosts for phishing expeditions, and thus furthering the spread of all the elements in this process: viruses, Trojans, spam, and phishing. | | | Of course, the millions of IE users who decline to upgrade their browser will remain just as susceptible as they always were (unless they stop clicking links) - a fact for which we can hardly blame Microsoft. | | | If we're talking dumb users here then why does anyone expect them to notice that |
|
http://simon.incutio.com/archive/2004/01/30/noMoreUsernames
|
|
| Â Â |
| Â | Whirlpool Forums - Thread: I received someone elses password |
| | If you could Whim me the details, if possible include the header information as well. | | | I think MSN Plus removes/changes it, that could be why he asked | | | Phishing is a scam which attempts to dupe the recipient of spam into disclosing personal information, most commonly associated with fake bank web sites. |
|
http://forums.whirlpool.net.au/forum-replies.cfm?t=257157
|
|
| Â Â |
| Â | Richie Carey's Web Log |
| | Netcraft : "A British computer scientist has demonstrated that opportunities exist for fraudsters to launch phishing attacks using cross site scripting bugs on the very widely used Google sites." | | | Tech News on ZDNet "Yahoo has quietly purchased e-mail software company Stata Labs, in what could be an investment in a coming PC search tool to rival Google and Microsoft." | | | Instead, a botched deployment cut into earnings in a big way in August and executives got fired." |
|
http://www.careyinternet.com/cgi-bin/yabb/YaBB.pl/YaBB.pl?board=;action=reminder
|
|
| Â Â |
| Â | Spam (electronic) - Wikipedia, the free encyclopedia |
| | The infected machines can often be used as remote-controlled zombie computers, for more conventional spamming or DDoS attacks. | | | Antiphishing Crusade ( http://www.antiphishing.org.uk/) Daily News of phishing spam collected from around the net. | | | pyramid schemes, stock pump-and-dump schemes and password phishing. |
|
http://en.wikipedia.org/wiki/Spamming
|
|
| Â Â |
| Â | broadband » News » 'Two Factor Identification' - Changing security to conquer 'phishing' |
| | If I'm not at my home computer I can't log into many sites since I don't remember the passwords. | | | For more important, sensitive logons like my bank, my router, and admin/root accounts I use longer, more complex passwords. | | | About the only way to have high security and ease of use is to use biometrics or some other system where you and your password are not separate entities. |
|
http://www.broadbandreports.com/shownews/45022
|
|
| Â Â |
| Â | WebPwdHash |
| | We emphasize that the hash function we use is public and can be computed on any machine which enables users to login to their web accounts from any machine in the world. | | | When they press the Hash button, javascript computes the password hash on the local machine (so that we are never told what the user's password is) and copies the resulting hash into the user's clipboard. | | | This hash is useless at the site that the phisher intended to spoof. |
|
http://crypto.stanford.edu/PwdHash
|
|
| Â Â |
| Â | CastleCops - Gone Phishing |
| | The web addresses all look okay, and the first bit matches the home page details of these sites, so it all seems legitimate. | | | “Phishing attacks involve the mass distribution of 'spoofed' e-mail messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers or credit card companies. | | | These fraudulent messages are designed to fool the recipients into divulging personal authentication data such as account usernames and passwords, credit card numbers, social security numbers, etc. Because these emails look “official”, up to 20% of recipients may respond to them, resulting in financial losses, identity theft, and other fraudulent activity.” |
|
http://www.computercops.biz/article-4718-nested-0-0.html
|
|
| Â Â |
| Â | HNS - The Future of Phishing |
| | The benefits, however, are great: there is no other cost-effective system offering defence against phishing, man-in-the-middle and Trojan attacks whilst maintaining a simple and intuitive user experience. | | | This independent channel also offers a way around the man-in-the-middle. | | | For each transaction entered, a summary would be returned to the user together with a one-time-password, in the form of an SMS. |
|
http://www.net-security.org/article.php?id=672
|
|
| Â Â |
| Â | Anti-Phishing Working Group - Stop Phishing and Email Scams |
| | This phish shows how important it is to be on guard, since what you have found to be OK at one moment, vould be swapped for something else later, without you ever noticing. | | | Therefore, we urge you to do it today. | | | The current password for your U.S. Bank accounts has not been revised for a long period of time and needs to be changed within 72 hours. |
|
http://www.antiphishing.org/phishing_archive/06-22-04_US_Bank_(U.S._Bank_Consumer_Alert).html
|
|
| Â Â |
| Â | Has Your PC Gone Phishing? - TechSpot |
| | Creative Labs SB Audigy 2 ZS soundcard review | | | Scammers using phishing tactics typically send out e-mail targeting users of financial institutions or other e-commerce sites. | | | The bogus e-mail message often tells recipients there's a problem with their accounts, and that they need to re-enter their bank account or credit card number at a Web site designed to look like the legitimate e-commerce site. |
|
http://www.techspot.com/story16105.html
|
|
| Â Â |
| Â | Evtechie... Solutions for DeskTech Problems |
| | We offer training on Microsoft Word, Excel, PowerPoint, Outlook, FrontPage and additional applications such as Adobe PageMaker, Acrobat, and Macromedia DreamWeaver. | | | One of the larger issues of late, aside from those incessant worms, are two common methods to trick computers users into revealing their passwords: Impersonation and Social Engineering. | | | A social engineer may also use information they know about you to guess your password or use our password lookup utility to gain access to your account. |
|
http://www.evtechie.com/
|
|
| Â Â |
| Â | The Word Spy - phishing |
| | Recently one of our OverHead contacts has discovered an error in the stratus system and the information is unrecoverable. | | | The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. | | | Tips on how to avoid the Internet scam known as phishing. |
|
http://www.wordspy.com/words/phishing.asp
|
|
| Â Â |
| Â | PCWorld.com - Symantec Goes Anti-Phishing |
| | Phishing scams are online crimes that use spam to direct Internet users to Web sites that are controlled by thieves but designed to look like legitimate e-commerce sites. | | | The antivirus software giant will announce this week a brand protection service that will use the company's global network of researchers and its desktop software to help companies identify and thwart online scams that use their names to trick unsuspecting customers. | | | Symantec is also providing Online Fraud Management customers with access to a "user-friendly resource center" with content that will help them educate their customers about Internet security threats and with links to products and information to help them assess their computer's security exposure and protect it from attack, Symantec says. |
|
http://www.pcworld.com/news/article/0,aid,117753,00.asp
|
|
| Â Â |
| Â | Banks dismissive of 'phishing' losses - ZDNet UK News |
| | While Microsoft's has endorsed the devices recently, they aren't new. | | | "Even [Microsoft's] chief software architect and chairman said the single password is dead. | | | ANZ, which has been targeted by four email phishing scams during the past year, says there is no business case for using the tokens. |
|
http://news.zdnet.co.uk/business/0,39020645,39148259,00.htm
|
|
| Â Â |
| Â | password phishing |
| | Banks are on notice against what the state calls a new computer scam trying to steal your identity and your money. | | | The Go Daddy Group, Inc., parent company of GoDaddy.com, the No. 1 registrar of domain names, and member of the Anti-Phishing Working Group, today announced an enhancement to the company's email system that will identify and automatically eliminate phishing attempts at the server level. | | | This malware does not mimic the standard phishing attacks that attempt to trick a user into logging onto a fake Web site. |
|
http://thedavidlawrenceshow.com/001943.html
|
|
| Â Â |
| Â | Avoid Getting Caught by the 'Phishing' Scam |
| | An online scam designed to fool a user into submitting personal, financial, or password data using a replica of an existing Web page or e-mail. | | | The "spoof" perpetrated by the criminal Web phisher is relatively simple: impersonate a legitimate company's communications so the criminal can get customers to send important personal data such as name, Social Security number, account number, and password. | | | While the spoof may be simple, the consequences for unsuspecting victims can be disastrous—from depleted accounts to destroyed credit ratings. |
|
http://myfidelity.members.fidelity.com/investorsWeekly/cms/FEAphish030926.dyn?keyword=interviews
|
|
| Â Â |
| Â | Preventing consumer email scams, phishing scams, internet fraud, nigerian scams, |
| | These scams usually provide a link to a conterfite web site where they will have you provide your credit card information. | | | The entire risk as to the results and the performance of the information is assumed by the user, and in no event shall Unwanted Links be liable for any consequential, incidental or direct damages suffered in the course of using the information in this web site. | | | In addition, these types of scam attacks have targeted other on-line businesses such as PayPal, infact, PayPal users have been hit several times in recent months with versions of this scam. |
|
http://www.unwantedlinks.com/20webscams.html
|
|
| Â Â |
| Â | CastleCops |
| | Microsoft on Wednesday said it would contribute both software and a paid analyst to a forensics organization that's fighting phishing scams. | | | Phishing, Fraud and other dastardly deeds Part 3 | | | Phishing, Fraud and other dastardly deeds Part 2 |
|
http://www.computercops.biz/article-topic-66.html
|
|
| Â Â |
| Â | WebProWorld :: A practice dubbed "phishing". |
| | You can't just go make all possible mispellings unavailable because there might be a business out there who is named similarly. | | | phishing is pretty tough because the phishers often buy mispellings which can be the name of a legitimate business. | | | I have suggested it every time I find one. |
|
http://www.webproworld.com/viewtopic.php?t=11209
|
|
| Â Â |
| Â | US Bank phishing email - Please Change Your Password - Fraud Alert - FraudWatch International |
| | Nigerian 419 Scam letters, Lottery emails, Phishing emails and other fraudulent emails should be forwarded to our Investigation Team at: scams@ | | | This email claims that the users US Bank has been monitored, and may have been accessed by a third party. | | | The user is requested to change their password by clicking on a link within the email. |
|
http://www.fraudwatchinternational.com/fraud_alerts/040524_348_usbank.htm
|
|
| Â Â |
| Â | Morehouse Dot Org • SecureIndex |
| | Everything you wanted to know about Unix Passwords | | | How to get out of a TOS for Password Phishing | | | How to build and use a Red Box |
|
http://www.morehouse.org/hin/files.html
|
|
| Â Â |
| Â | Newest Phishing Scam Employs Legitimate Web Sites |
| | It's just one more step in the social engineering of a scam designed to rip off even fairly well-trained Internet users. | | | When I talked with APWG spokesperson Dan Maier, I learned about an emerging phishing technique that's not in the report but worth describing for enterprises as well as Internet users. | | | Lawmakers and vendors are cracking down on phishing. |
|
http://www.eweek.com/article2/0,1759,1624973,00.asp
|
|
| Â Â |
| Â | Everything Burns: Wi-Phishing |
| | Maybe I should try the password to my University account. | | | Flyers tacked up around the University District (in this, the week before classes start), are advertising: | | | Aaron, the reason they don't tell you the password is that they want you to type in your UW password so they can hack your UW email account. |
|
http://jimfl.tensegrity.net/eb/archives/001414.shtml
|
|
| Â Â |
| Â | Computer Cafe |
| | Users need to be wary of social engineering tactics to try to gain their Ebay or Paypal password, or any other password. | | | Call today to see if your phone number qualifies for DSL and we can get you scheduled for installation today. | | | Make your selection on the left to reveal your link choices. |
|
http://www.cafes.net/
|
|
| Â Â |
| Â | ISSA |
| | New York, NY Phishing Lures: Understanding the Techniques Scammers Use to Steal Identities - November 11, 2004 |
|
http://www.issa.org/
|
|
| Â Â |
| Â | Articles for 'password' |
| | If user ID and password are correct the system will display date and time of the last login. | | | Die Falle zum Password fischen -- Phishing Scam (Follow Ups: 1) | | | please note that the password is case-sensitive - bitte Gross- und Kleinschreibung des Passwortes beachten (Follow Ups: 1) |
|
http://forum.leo.org/archiv/p/password.html
|
|
| Â Â |
| Â | AOL password phishing attempt. |
| | They also hosted a lot of bank phishing scams. | | | Web Server Talk > Email Servers > Email Abuse and Spam > AOL password phishing attempt. | | | 03-01-04 07:38 PM AOL password phishing attempt received yesterday. |
|
http://www.webservertalk.com/message138495.html
|
|
|
