In the United States alone, the damage caused by Internet crime amounts to 16.4 billion euros annually. According to the latest cybercrime report by the security company Symantec, it is 114 billion worldwide. A good deal of the damage is due to phishing attacks.
Phishing in the mailbox and on the phone
According to a study by the Federal Criminal Police Office, these figures rose by 82 per cent to 5,300 cases in 2010. The average loss amounts to 4,000 euros, but can be higher in individual cases. In August, for example, a businesswoman lost 50,000 euros in a single transfer, which the cybercriminals were able to make using a mobile TAN.
Spam filter or phishing filter
The 76-year-old realized at once that something was wrong and immediately reported it to the bank. But the transfer was already settled and could not be undone.
All browsers now offer simple protection against phishing: Internet Explorer, Firefox, Opera. They compare every URL entered by the user against a list of known phishing sites. Firefox, for example, accesses the Google list (code.google.com/p/google-safe-browsing), which allows the search giant to filter malicious pages from the search results.
Security suites promise extended protection through special web filters. They work no differently from the browsers' built-in ones, but they promise a higher level of protection due to a larger database of pages.
Together with the Innsbruck test laboratory AV-Comparatives (www.av-comparatives.org) we looked more closely at these filters and found that the recognition rates differed widely. Some vendors, such as Avast, Sophos, and Microsoft Security Essentials, provide no protection against phishing attacks in some browsers (see table on the last page).
Eset has no special phishing filter, but still blocks over 75 percent of the tested pages. Others, such as the Webroot suite, offer very good protection, but clearly at the expense of false alarms: it warns against real banks. Qihoo-360 blocks Chinese pages well, but has weaknesses with international attacks.
The term phishing is made up of "password" and "fishing". And that's what it's all about: fishing for passwords and access data. Through fraudulent e-mails and fake links in social networks, the fraudsters ask victims to update their data.
The reasons given are dubious: the credit card has expired, there are new password guidelines, or the customer has to confirm the data because of a server change.
The content of fraudulent e-mails often looks genuine; only on closer inspection can the attack attempt be discovered. Mostly, phishing consists of an HTML-formatted e-mail coupled with a web page that queries the user data.
The URLs linked in the e-mail point to this phishing page. The real target can be seen only in the source code or in the status line of the browser. Often an intact attachment is also used to get the user to click.
Phishing is not really new. Long before the Internet and e-mail, fraudsters attempted to use everyday communication tools to get the personal data of their victims. Telephone phishers try to obtain account data on the pretext of transferring raffle winnings to the account. But instead of the supposed winner finding a credit in the account, the phisher debits a large amount.
The ever-popular use of online mailboxes such as Hotmail, GMX or Google Mail bypasses the local spam filters of most security suites. This requires a phishing filter in the browser, which blocks the fraudulent websites.
In times when "cloud" is the buzzword of the security industry, this is an easy task, especially since phishing is not just a spam phenomenon. Spam filters are the best complement to phishing filters, because they should already recognize the fake URLs in the mailbox.
Whereas classic phishing almost always arrived via spam mails, the attacks are now spreading more and more via links in social networks like Facebook or via techniques like search engine optimization (blackhat SEO) and DNS poisoning. Here too, a web filter has to be used for protection, since the dangerous website is not preceded by any classic phishing mail.
Are you one of those users who reach a website through the Google search field in the browser instead of typing the often long and complicated URL into the address bar, and then select the first match in the search results?
With blackhat SEO, online criminals try to take advantage of this behavior: through the best possible search engine optimization, they push their fake eBay, bank or PayPal pages into the hit list above the genuine page.