Posted on 08/19/2004 3:15:14 AM PDT by Stoat
Do-it-yourself phishing kits are being made available for download free of charge from the Internet, according to anti-virus firm Sophos.
Anyone surfing the Web can now get their hands on these kits, launch their own phishing attack and potentially defraud computer users of the contents of their bank accounts. These DIY kits contain all the graphics, web code and text required to construct bogus websites designed to have the same look-and-feel as legitimate ecommerce sites. They also come with spamming software.
Scam emails that form the basis of phishing attacks commonly pose as 'security check' emails from well-known businesses. These messages attempt to trick users into handing over their account details and passwords to bogus sites. Hundreds of thousands of phishing emails are sent across the internet each day and the ready availability of phishing kits can only spur this trend.
However, would-be fraudsters should be aware of the recent success of UK police in arresting phishing suspects. Police and the banking industry recently combined to produce a check list advising consumers on how to avoid falling victim to phishing attacks.
For informational purposes only! Send me a self-addressed envelope and return postage and I'll send you....
"Would this be in the same category as DIY mail fraud or home invasion?"
Pretty much...if you enter your personal financial data into a fraudulent website, you can have your bank account cleaned out just as effectively as if a burglar had broken into your home and held a gun to your head as you signed your life over to him.
Here is a related article providing tips for consumers....most of this seems pretty basic and obvious, but the increase in phishing scams suggests that these tips are apparently not obvious to a lot of people:
http://www.theregister.co.uk/2003/10/22/uk_banks_and_police_proffer/
UK banks and police proffer anti-phishing advice
By John Leyden
Published Wednesday 22nd October 2003 13:53 GMT
The National Hi-Tech Crime Unit (NHTCU) and the UK banking industry today issued guidelines to help consumers protect themselves against Internet fraudsters.
The advice was prompted by a two-tiered email scam that has emerged in the past two months.
The first part of the scam involves emails being sent to UK consumers claiming to be from UK banks, asking them to "re-register" or "reactivate" their accounts at a replica bank website.
Typically, the fraudsters behind these "phishing" scams are located outside the UK and, as they are unable to transfer money directly out of their victims' online account overseas, they need a UK intermediary.
That leads to part two of the scam. This involves spam emails being sent to people offering them the chance to make some easy money by acting as a UK agent to a business overseas. They are asked to receive funds into their account and send them on overseas, less a certain commission. If someone agrees to do so, their account is used as part of the scam to send on stolen funds to the fraudsters overseas.
According to the NHTCU, fraudsters have been sending spam emails with fake job offers and advertising dummy jobs on recruitment websites to lure consumers to act as their UK agent in fraudulent money transfer schemes.
Although all the early indications are that very few people have been successfully duped by these scams - and the likelihood of falling victim to any type of Internet fraud is very low - there's still a need to educate the general public.
"We know that many of these 'funds transfer scams' involve the proceeds of fraud and consumers who participate in these schemes are likely to become embroiled in a police investigation," said Detective Chief Superintendent Len Hynds, head of the UK's NHTCU.
"The message is - don't allow yourself to be duped. Remember, if an unsolicited money-making offer looks too good to be true, then it probably is."
David Lennox, director, fraud & physical security at the British Bankers' Association (BBA), comments: "The threats in the online world are the same as in the offline world. While these types of fraud have always been with us, the Internet is now being used as the preferred medium for attempting to carry them out".
Tips for staying safe online
The NHTCU has combined with the BBA and the Association for Payment Clearing Services in compiling a list of tips for staying safe online. The checklist, largely commonsense advice, contains the following pointers:
Know who you are dealing with - Always access Internet banking by typing the bank's address into your web browser. Never go to a website from a link in an email and enter personal details. If in doubt, contact the bank separately on an advertised number.
Keep passwords and PINs safe - Always be wary of unsolicited emails or calls asking you to disclose any personal details or card numbers. Keep this information secret. Be wary of disclosing any personal information to someone you don't know. Your bank and the police would never contact you to ask you to disclose PINs or all your password information.
Keep hold of your cash! - Don't be conned by convincing emails offering you the chance to make some easy money. If it looks too good to be true, it probably is! Be especially wary of unsolicited emails from outside the UK.
Keep your PC secure - Use up-to-date anti-virus software, security patches and a personal firewall. Be extra careful if using Internet cafes or any PC which is not your own and over which you have no control.
Check your bank's website - If in doubt, a good place to get help and guidance on how to stay safe online is your bank's website.
Check your statement - If you notice anything irregular on your account contact your bank immediately.
Better yet, switch to Mozilla Firefox, which is immune to these attacks.
How does Firefox make you immune to phishing emails and spam? I think you're a little confused.
Never underestimate the power of stupidity or greed.
Maybe so, but not in this case. The phishers take advantage of a flaw in most browsers (not Mozilla) which lets them insert their own frame in a legitimate webpage that you are viewing on your screen.
In the case of an online bank, they insert their own frame (which looks identical to the legitimate one) in the logon page for the bank, so when you type in your username and password, you are sending it to the phishers, not the bank. Then they clean out your account.
Spam is a whole 'nuther subject, but Mozilla does have a built-in popup blocker.
Moz has a great pop-up blocker. If you use Moz for email client or Thunderbird (even better), there is a great Bayesian filter that will sort thru a lot of the bogus phish spam.
I see what you're saying now, and you're right. Internet Explorer is full of holes a scammer can exploit.