Just when I thought it was safe to trust online banking!
Fake URLs - Real Web Pages Can Be Completely Fake: Watch Out For The The Latest Web Threat
According to a PR story released yesterday by SurfControl plc, Internet outlaws, have been able to hack two Australian banks (Citibank and SunTrust). By taking control of a security hole in those Web sites search facility, the "phishers" were able to substitute fake (but perfectly looking) Web pages for the original ones, while showing correct URLs, all with the purpose of diverting customer activity to other ends.
The technique used to carry out this Internet scam is virtually undetectable by a normal Web user like me and you.
The Web pages in question appear identical to the original ones and even the URLs are matching exactly the correct ones one would expect to see.
Apparently, the level of sophistication reached by this Internet scams has evolved to a point where it is very difficult to run effective business transactions online without fearing some possible fraud.
What are the actions that can be taken in the short term to contain and prevent such dangers?
1. Educate users to NEVER volunteer confidential information in response to an unsolicited e-mail. If they are worried that the message may not be legitimate, advise them to contact the company or organization directly.2. Advise users to NEVER follow any link found in an unsolicited e-mail. The simple visit to a Web site could trigger multiple IT threats, including viruses or even a Trojan horse program allowing the spammer to control the computer remotely.
3. Have a clear Acceptable Use Policy, which thoroughly expresses the organization's position on what kind of Web content is acceptable in the workplace.
4. Ensure that all anti-virus and operating system software is up to date.
5. Monitor Internet and spam security resources.
The five recommendations above come from SurfControl, a company that has lots of resources invested in providing timely critical information about new threats and dangers emerging in cyberspace as it is one of the major emerging providers of email and web filtering solutions for enterprise customers.
2004-11-11 04:40:53 |