March 28, 2011 (Powerhomebiz.com) Phishing has been one of the common forms of attacks used by cybercriminals for over a decade. However, in the recent years, phishing e-mails have become more sophisticated and targeted. Recently, Telus Corporation, a major Canadian national telecommunications company warned customers of e-mail phishing scam. The phishing e-mails appear to come from Telus Corporation. The company has witnessed alarming increase in the volume of the phishing e-mail. Telus has identified two forms of phishing e-mails. One of the scam e-mails asks customers to upgrade to a new security system, while the other asks customers to verify their accounts.
The e-mails are cleverly crafted and designed to extract confidential information from Internet users. Users are tempted to follow the instructions provided in the e-mail as they appear to come from a legitimate organization. The phishing e-mails may also contain links directing customers to a fake site. The confidential information sought through phishing may include credit card details, user name and password, name, age, mailing address and contact numbers. Unwary users may reply to the e-mail and compromise their personal and financial information.
The extracted information could be used for gaining unauthorized access to user accounts, stealing funds, conducting unauthorized transactions and creating fake credit cards. The compromised information could also be used to impersonate an individual to open fraudulent credit card and loan accounts. They may also create fake online shopping and other Internet accounts to conduct fraudulent transactions.
Telus has alerted customers to be vigilant of e-mails and phone calls purportedly coming from a legitimate company and seeking personal information. Cyber security awareness among users is crucial to deal with such threats. E-brochures, advertisements, online degree and video tutorials may be used to educate users on cyber security tips. Users must avoid e-mails requesting personal and financial information. They must be wary of words like account update and verify in the Unique Resource Locator (URL). When users click on a padlock, a legitimate site will display security certificate. Fake sites only have simulated padlocks and will not display any information.
Phishers collect information from various sources, register counterfeit domain names, and build fake websites or web pages that are identical to a legitimate site. The e-mails urge the targeted customers to initiate prompt action. Customers of banking and online shopping sites are frequently targeted by phishers. Attackers target users by spoofing legitimate e-mail addresses and domain names, insert malicious scripts on legitimate websites. They also make use of bots to send malicious links by exploiting the growing use of Instant Relay Chat (IRC).
Phishing attacks may come in various forms such as man-in-the middle attacks, URL obfuscation attack, key logger attack and session hijacking. Phishers may also use hidden frames and graphical substitution to create fake content and deceive users.
E-learning programs and training sessions could be used to create awareness on security threats among employees. They could also be encouraged to undertake an online university degree and refresher courses on cyber security.
Organizations must have proper monitoring mechanisms in place to monitor employee activity. Hiring IT professionals qualified in masters of security science could help organizations in framing appropriate IT security policies and guide employees on information storage, password construction, evading social engineering threats and handling suspicious e-mails.
EC-Council
Website: http://www.eccouncil.org
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.