Phishing & Pharming attacks are getting common these days & more sophisticated, to say the least. For the uninitiated, the paragraph below explains what phishing & pharming are all about:
What is Phishing and Pharming?
Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.
Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning.
Just a couple of days back I was watching CNBC India; they were featuring a TV show about these new threats & their use in committing Internet fraud.
The show was quite alarming & shocking to me; the only reason was that two very well known & emerging banks, ICICI & IDBI, have fallen prey to phishing attacks resulting in bank fraud.
It was reported during the show that around 10 people from different parts of the country who did online banking fell for a specially crafted clone website made by the attacker which intercepted their banking IDs & password information.
Although the higher level officials from both the banks denied any financial loss except those 10 customers (which also wasn't clear on their part, whether their money was used by the attacker or not). The fraud happened recently, in the month of January, & quite interestingly, IIRC, the attacker was caught in the month of February. The mistake he committed was making an online purchase from Ebay India with one of the stolen bank account credentials.
Here is the article Times of India featured about the ICICI bank phishing attack: Times of India
Now this brings me to my latest post about ways of preventing phishing & pharming attacks. Google has brought out a new extension for Firefox (works on ver. 1.5 & above only) which will report a phishing attack by displaying a warning about the site's authenticity.
As with most things in the security world, you can't expect it to report every phishing website, but to give you a fair idea about its working, here is a screeny of the extension in action on a fake Ebay phishing website.
I could only test this on one phishing website I stumbled upon through Neowin. But going by the extension's ability would be a disaster afaik.
/*No rants, ramblings please
Use whichever browser you like; people using Firefox 1.5 might find this handy & useful. If you don't use Firefox, then search if there is a plugin or an extension which offers this functionality for your browser. If not, then you are on your own :-P
Over n Out */
You can get the extension from here
Here are excellent tips right from the horse's mouth: Anti-Phishing Group
Last but not the least, Common Sense & Good Eyesight always result in a Safer Browsing Experience!