CASEScontact - solutions, tools & skills against latest security, cybercrime, hacking & malware threats
Just the facts
     
Title   UPDATE 2 - Microsoft tool tested - Yes Virginia - phishing attacks are on the rise and getting meaner - we tell you how to surf safer
Description  
CyTRAP LABs ID   CT210012
Date   2005-09-30
Systems affected  
Version number   1.2
ISSN   1603-9866
Verify tip   http://casescontact.org/tips/210012
Risk assessment   Moderate
Impact/Severity   High
Audio/Podcast files  

Go to section 'Does Microsoft offer me a solution' to find out how to get their anti-phishing tool.

  • Podcast/Audio Clip:
    a) English - CyTRAP ID CT210012
    b) German - CyTRAP ID CT210012
     


     

    What's up?

    What is the threat or vulnerability?

    Real life scenario

    Most people keep their

  • phone number
  • credit card number
  • pin code for cash machine or ATM
  • code to one's housedoor lock

    secret, and none of us would knowingly hand control of our credit card or bank account to an e-mail scammer. Unfortunately, that is exactly what happens when we fall prey to "phishing" or "spoofing."

    So you should remember your parents' advice from when you were a kid:

  • don't talk to strangers,
  • don't tell strangers anything,
  • don't give anybody your house key, especially if you are a latchkey kid (i.e. one who comes home after school to an empty house or apartment because the parents are still at work).

    And remember Paris Hilton: the celebrities' contact details stored on her mobile phone ended up in a hacker's hands. So:

    1) keep personal information private,
    2) don't hand out phone numbers unnecessarily,
    3) do not provide information to any web site unless you are sure that the site is the one it claims to be.

    Internet & PC scenario

  • What is phishing?

    Phishing scams are run by scammers who send e-mails that look as if they come from well-known organizations (for example CitiBank, UBS, Deutsche Bank, Post Italia, etc.) in order to get the victim to surrender private information.

    The e-mail directs the victim to a web site where the victim is asked to enter personal information, such as passwords and credit card, social security and bank account numbers, which the legitimate organization supposedly already has.

    The web site, however, is bogus and set up only to steal the user's information.

    But how do you know the web site is bogus?

    There are a number of ways to find out, which we discuss in this Tip along with how to protect yourself against such nuisance and criminal activities.

    For safer surfing, tools and tricks (no nerd skills required :-) ==> read on.

     
     

    Problem & Solution
         
    Admin  
    Update 2005-09-30

    Thank you for reading one of our alerts. To be sure you have the latest version in front of you, always click the "Verify tip" link at the top to visit the web site, because small changes are made without e-mailing the alert out again.

    Please share this information with your colleagues; they will appreciate it.

  • You can receive these advisories directly in your e-mail in-box - subscribe now - you will be glad you did
    What does it mean to me? Am I vulnerable?  

    A) The threat may arrive as spam in a variety of forms, including fraudulent messages. This mass-mailing is called 'spoofing' or 'password phishing' and tries to solicit personal, often financial, information.

    Attackers may send e-mail seemingly from your bank, post office or another reputable organization requesting account information, usually suggesting that there is a problem with your account.

    Such messages or pages may ask for your bank account number, PIN, credit card number, mother's maiden name or birthday. Once you respond and provide the requested information, the attackers can use it to gain access to your accounts.

    B) The vulnerability is that you may end up on a web site posing as another company simply by clicking a URL or http link provided in an e-mail. Hence, as Tip 1 below suggests, always type the address yourself instead of clicking the link, or at least make sure you have ended up on the web site the link claims to lead to. Tips 1 and 2 below give you two free tools for this.

    C) The impact is severe if the attacker gains access to your funds or credit card. It may even result in identity theft, whereby the attacker poses as you and orders goods online or via mail order in your name. So please, be careful out there and

  • neither visit a suspicious web site, nor
  • provide information to strangers.

    Incidentally, check out how well you are doing using CyTRAP training's self assessment tool, for a link see below.

  •      
    If I fix the problem - will it help me?
    How
     

    The best defense is following good security practices, which gives you a triple benefit:

  • saving yourself grief (i.e. not having to discover spyware on your computer or losing money to a fraudster or impostor),
  • saving money (phishing may cost you dearly if you get tricked), and
  • reducing spam (i.e. getting less junk in your in-box).

    Remember, once a spam message is in your in-box, inadvertently opening it and clicking on a URL may take you to a web site run by people who trick users into divulging information and subsequently losing money, something we all surely want to avoid.

  •      
    How can one describe the solution?  
    Good security practices and effective risk management help to minimize your chances of becoming a victim of a phishing attack. These two steps are a first start that you should take care of immediately, namely:

    1) fill out CyTRAP's self-assessment tool - phishing danger zone - to find out whether your behavior on the net is risky or cautious:

  • Checking out how safe you are on the Internet and whilst working with your PC ==> take the quiz and change your behavior according to the results you get back (you have to get a free user account so your answers can be scored and you get feedback; it's worth it).

    2) Do not browse untrusted web sites.

  •      
    Does Microsoft offer me a solution?  
    Update 2 2005-09-30

    Microsoft has now made available to the general public a tool that warns users about "phishing" scams that could lead to identity theft. The tool is built into the Internet Explorer 7 browser, which is currently available as a test version to a select group of developers only.

    The tool can now also be added to older versions of IE if you run Windows XP with the Service Pack 2 security upgrade from last summer. Currently the Beta version is available in English only. Microsoft's tool has two features:

    1. A built-in filter that scans the URLs and web pages you visit for characteristics associated with phishing scams.
    2. An online service that offers real-time information about the reputation of reported phishing web sites (in other words, it relies on a white list of known sites; the problem is that smaller sites may not be on it, and the tool, as happened to us, may then warn you that a legitimate site could be a phishing one).

    If you visit the site below you can get the Microsoft Phishing Filter in 2 steps, namely:

    - Step 1: Download and install the MSN Search Toolbar
    - Step 2: Download and install the Microsoft Phishing Filter Add-in for the MSN Search Toolbar (Beta)

    http://www.microsoft.com/athome/security/online/phishing_filter.mspx#EOE

    Naturally, the above tool works with Microsoft's IE only, not with Opera, Firefox, Mozilla or any other browser :-)

    So if your boss prefers you to use an MS tool, this one works okay, but CyTRAP's choices for fighting phishing scams remain the tried and tested ones listed below under Tip 1 and Tip 2 ==> not the MS one, at least for now.

         
    Where can I get more help?  
    The text below provides some additional hints, including tools and tricks, to

    1) minimize the risk further, and
    2) keep you safer with the help of tools ==> just in case. If you want to find out how vulnerable you are to phishing, spyware and virus attacks, based on what you do and don't do, please get a user account on CyTRAP.org/training below (the account is free; it is needed so your results can be scored) and do the self-assessment test. It is quite revealing, so give it a try:

  • Checking out how safe you are on the Internet and whilst working with your PC ==> take the quiz.


    What is the solution to this problem ?
         
    Tip 1   So how do you know that you are where you want to be, i.e. that the web site claiming to be X really is X? (See also the Watch Out section below for more on this.)

    This add-on for your browser toolbar, like the one presented under Tip 2, untangles whatever technical trickery a scammer has used to mask the address of the phoney site and displays its real domain name.

    It is a free browser toolbar for Internet Explorer and works with these versions of the Windows operating system:

  • Microsoft Windows 95/98/NT/2000/XP ==> http://security.weburb.dk/frame/show/news/3491 (German & English info)

    Tip 2   This is another free browser toolbar add-on, for Internet Explorer and Mozilla Firefox, that offers a last line of defense against this trickery. It also works on Macs.

    CyTRAP's Choice ==> http://security.weburb.dk/frame/show/news/3781

    More info in French ==> see CASES Luxembourg at: http://www.cases.public.lu/pratique/solutions/spoofstick/index.html
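    What the two toolbars under Tip 1 and Tip 2 do can be shown in plain Python. The script below is an added example written for this page; it is not code from the advisory or from either toolbar. It pulls every link out of an HTML e-mail, works out the host the browser would really connect to (discarding the "user@host" trick, any port and percent-encoding) and compares that host with the domain the link text pretends to lead to. The HTML mail and the KNOWN_BRANDS list are constructed for the example, and registrable_domain() is a deliberate simplification (last two labels only).

```python
"""Reveal where a link in an e-mail really leads.

Added example for this page, not code from the advisory or any toolbar.
The sample mail and the brand list are constructed for the example.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample phishing mail (HTML body only).  The first three links
# use, in turn: the user@host trick, the brand name as a sub-domain of the
# scammer's own domain, and a percent-encoded host.  The last is genuine.
SAMPLE_MAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://www.citibank.com@203.0.113.7/login">www.citibank.com</a><br>
<a href="https://www.citibank.com.secure-update.example/auth">https://www.citibank.com/</a><br>
<a href="http://%77%77%77.citibank.com.evil.example/">Citibank secure login</a><br>
<a href="https://www.citibank.com/credit/">Card services</a>
"""

# Assumption: a short list of domains we know belong to brands named in the
# advisory.  A real tool would carry a much longer list.
KNOWN_BRANDS = {"citibank.com", "ubs.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def real_host(url):
    """The host the browser will actually connect to.

    urlsplit() discards everything before '@' (the userinfo trick) and the
    port; unquote() turns %77%77%77 back into www.
    """
    return unquote(urlsplit(url).hostname or "").lower().rstrip(".")


def registrable_domain(host):
    """'www.citibank.com' -> 'citibank.com'.

    Simplification (assumption): takes the last two labels, so multi-label
    public suffixes such as co.uk come out wrong; a real tool would consult
    the Public Suffix List.
    """
    if is_ip(host):
        return host
    return ".".join(host.split(".")[-2:])


def claimed_domain(text):
    """Domain the link *looks* like it leads to, read from its visible text."""
    m = re.search(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", text.lower())
    return registrable_domain(m.group(1)) if m else None


def analyse_link(href, text):
    """Return a verdict dict for one link."""
    host = real_host(href)
    actual = registrable_domain(host)
    reasons = []
    if "@" in urlsplit(href).netloc:
        reasons.append("user@host trick: the text before '@' is not the host")
    if is_ip(host):
        reasons.append("host is a bare IP address")
    claimed = claimed_domain(text)
    if claimed and claimed != actual:
        reasons.append(f"link text says {claimed} but the host is {actual}")
    for brand in KNOWN_BRANDS:
        if f".{brand}." in f".{host}." and actual != brand:
            reasons.append(f"{brand} appears in the host but {actual} owns it")
    return {"href": href, "host": host, "domain": actual,
            "suspicious": bool(reasons), "reasons": reasons}


def scan_mail(html):
    """Analyse every link in an HTML mail body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [analyse_link(href, text) for href, text in parser.links]


if __name__ == "__main__":
    for v in scan_mail(SAMPLE_MAIL):
        print(f"{'SUSPICIOUS' if v['suspicious'] else 'ok':10} {v['host']}")
        for reason in v["reasons"]:
            print(f"{'':10}   - {reason}")
```

    Run it and the first three links are reported as suspicious, each with the reason, while the genuine link passes. A toolbar shows you the same "real host" for the page you are already on; the script does it for the links before you click.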

         
    Tip 3   Some phishing e-mails may carry malicious or unwanted software that can track your activities or simply slow down your computer. To learn more about this type of unwanted software, and to make sure your computer is not infected by any malware, read:

  • CT210008: Rather 100 SPAM Msgs Than ... Check Grandpa's 101 on Avoiding & Getting Rid of Spam ==> http://casescontact.org/tips/210008

  • CT210002: UPDATE 1 - 2nd Line Defense - Getting Rid of Spyware ==> http://casescontact.org/tips/210002

  • CT210006: VIRUSES - UPDATE 1 - How to Minimize Your Risks by Using Your In-Born Smarts ==> http://casescontact.org/tips/210006

       


    Take another 2 minutes - More tricks to safeguard your information better
         
    Tidbit 1  

    Browser Toolbar

    There are other protection methods than the ones described here, but most use a browser toolbar designed to work with Microsoft's Internet Explorer (IE) browser.

    Most rely on:

  • (a) a blacklist or a white list (e.g., of okay sites),
  • (b) lists composed by many users or, as with Microsoft's Phishing Filter, a personal white list plus a black list and technology that spots common phishing features,
  • (c) letting recipients of phishing e-mail alert others,
  • (d) technology that looks for suspicious pop-ups and requests for personal or bank information.

    All of the above result in a warning, but each has its disadvantages. Your friends may not always appreciate you sending them mail about yet another phishing attempt (c). Neither white nor black lists may be up to date, considering that some phishing sites are up for a couple of hours only and are removed thereafter (a and b). Finally, watching for pop-ups or requests for personal information may produce a few annoying false positives, i.e. a site is identified as suspicious but is not (d).

    For more information visit here:
    Want to Know the # 2 Way to Protect Yourself Against Phishing - W38 - Browser Toolbars - Last line of Defense

       
    Tidbit 2  

    What to do if you've responded to a phishing scam?

    If you review your bank and credit card statements at least monthly, you may be able to catch the con artists and stop them before they cause significant damage.

    If you think you've responded to a phishing scam with password information or entered passwords into a phony web site,

  • change your passwords as soon as possible, and
  • contact the bank or card issuer whose account details you entered, so that the account can be watched and the card blocked if necessary.

    Tidbit 3   You can report phishing to the Anti-Phishing Working Group by sending an e-mail to: reportphishing@antiphishing.org

    Create a new e-mail message addressed to them and attach the phishing e-mail to the new message. You can also copy the entire phishing e-mail and paste it into the new message. Do not use the "forward" option if possible, as this format may exclude information (the message headers showing where the mail really came from) and requires more manual processing.
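    Why attaching beats forwarding can be seen by building both kinds of report. The script below is an added example for this page, not code from the advisory or from the Anti-Phishing Working Group: it constructs a sample phishing mail (with the kind of Received: trace header a real one carries), produces a body-only forward and a report with the original attached as a message/rfc822 part, and then parses both as the recipient would to see which trace headers survive. The phishing mail, the sender address and its trace data are constructed; only the reporting address comes from the text above.

```python
"""Report a phishing mail with its headers intact.

Added example for this page, not code from the advisory or the APWG.
The phishing mail below is constructed; only REPORT_ADDRESS is from the
advisory.
"""
import email
from email import policy
from email.message import EmailMessage

REPORT_ADDRESS = "reportphishing@antiphishing.org"


def sample_phishing_mail():
    """Constructed phishing mail, including the trace headers a real one has."""
    msg = EmailMessage()
    msg["Received"] = ("from mail.evil.example (203.0.113.7) by mx.yourisp.example; "
                       "Fri, 30 Sep 2005 10:15:00 +0200")
    msg["Return-Path"] = "<bounce@evil.example>"
    msg["From"] = "CitiBank Security <service@citibank.com>"  # spoofed sender
    msg["To"] = "you@yourisp.example"
    msg["Subject"] = "Your account has been suspended"
    msg.set_content("Please confirm your details at http://203.0.113.7/login\n")
    return msg


def forward_inline(original, sender):
    """What a mail program's Forward button typically produces: body only."""
    fwd = EmailMessage()
    fwd["From"] = sender
    fwd["To"] = REPORT_ADDRESS
    fwd["Subject"] = "Fwd: " + original["Subject"]
    fwd.set_content("---------- Forwarded message ----------\n"
                    f"From: {original['From']}\n"
                    f"Subject: {original['Subject']}\n\n"
                    + original.get_content())
    return fwd


def build_report(original, sender):
    """Report with the complete original attached as a message/rfc822 part."""
    report = EmailMessage()
    report["From"] = sender
    report["To"] = REPORT_ADDRESS
    report["Subject"] = "Phishing report: " + original["Subject"]
    report.set_content("The attached message is a phishing attempt I received.\n")
    report.add_attachment(original)  # a Message object becomes message/rfc822
    return report


def attached_original(report_bytes):
    """Parse a report as the recipient would; return the embedded mail or None."""
    parsed = email.message_from_bytes(report_bytes, policy=policy.default)
    for part in parsed.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None


def trace_headers(report_bytes):
    """Received: headers of the embedded original that survive in the report."""
    inner = attached_original(report_bytes)
    return list(inner.get_all("Received", [])) if inner is not None else []


if __name__ == "__main__":
    phish = sample_phishing_mail()
    me = "you@yourisp.example"
    print("Forwarded inline, surviving Received headers:",
          trace_headers(forward_inline(phish, me).as_bytes()))
    print("Attached as message/rfc822, surviving Received headers:",
          trace_headers(build_report(phish, me).as_bytes()))
```

    The inline forward arrives with no Received: header from the original at all; the attached copy arrives with the header naming the real sending host, which is exactly what the people tracing the scam need.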

       
    Watch out  

    If an organization wants a secure web site that uses encryption, it needs to obtain a site, or host, certificate. Two signs that a site uses encryption are a closed padlock in the status bar at the bottom of your browser window and "https:" rather than "http:" at the start of the URL.

    Encryption alone is not enough, though: the padlock only proves that your data is encrypted on its way to whoever holds the certificate, and a scammer can obtain a perfectly valid certificate for a look-alike domain of his own. So click the padlock and check that the certificate was issued to the domain you intended to visit. By making sure a web site encrypts your information AND has a valid certificate for the right name, you can help protect yourself against attackers who create malicious sites to gather your information.

    Accordingly, the above helps you to make sure you know where your information is going before you submit anything.
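    The comparison a browser makes between the certificate and the site you asked for is small enough to write out. The script below is an added example for this page, not code from the advisory or from any browser: name_matches() applies the RFC 6125 rules (exact match, or a single wildcard standing for the whole leftmost label) and certificate_covers() checks a certificate's DNS names against the host you intended. The two certificates are constructed samples, given as the subjectAltName DNS entries a browser would read from them; both are "valid" in the sense that a CA issued them, but only one is for your bank.

```python
"""Does the certificate name the site you meant to visit?

Added example for this page, not code from the advisory or a browser.
The certificate data below is constructed.
"""

# Constructed samples: DNS names found in two certificates.
SAMPLE_CERTS = {
    "bank": ["mybank.example", "*.mybank.example"],
    "phisher": ["secure-login-mybank.example", "*.secure-login-mybank.example"],
}


def name_matches(cert_name, host):
    """Match one certificate DNS name against the host the user intended."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == host
    pattern = cert_name.split(".")
    labels = host.split(".")
    # A wildcard may only be the entire leftmost label, may appear only once,
    # and needs at least two fixed labels after it: "*.com" would match
    # every .com host, and "w*.mybank.example" is not allowed at all.
    if pattern[0] != "*" or "*" in cert_name[1:] or len(pattern) < 3:
        return False
    # "*.mybank.example" covers www.mybank.example but neither
    # mybank.example itself nor a.b.mybank.example.
    return len(pattern) == len(labels) and pattern[1:] == labels[1:]


def certificate_covers(cert_dns_names, intended_host):
    """True if any name in the certificate is for the intended host."""
    return any(name_matches(name, intended_host) for name in cert_dns_names)


def verdict(cert_dns_names, intended_host):
    """What the padlock does and does not tell you, in one line."""
    if certificate_covers(cert_dns_names, intended_host):
        return f"OK: encrypted to {intended_host}, the site you intended"
    return (f"WARNING: encrypted, but the certificate is for "
            f"{', '.join(cert_dns_names)}, not for {intended_host}")


if __name__ == "__main__":
    # You typed (or meant to reach) www.mybank.example.
    print(verdict(SAMPLE_CERTS["bank"], "www.mybank.example"))
    # The phishing site also shows a padlock, but for its own domain.
    print(verdict(SAMPLE_CERTS["phisher"], "www.mybank.example"))
```

    The second line of output is the case the section warns about: the connection is encrypted and the certificate is valid, yet it is for the scammer's domain. The browser does this comparison for the host in the address bar; the point of clicking the padlock is to confirm that the name it matched is the one you meant.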

    Get Updates for CASESContact Tips and Latest Advisories via E-Mail or RSS

  • subscribe for e-mail updates visiting http://casescontact.org/subscribe.php,
  • get RSS feed from http://casescontact.org/rss.php or else from any major RSS news aggregator such as
  • http://www.readafeed.de (Reed a Feed)

    Watch Out For Next Tip

  • When: around 2005-10-24
  • What: Windows Update 101 - Yes Virginia - Follow these Six Rules and Secure Sailing is all Yours

    Get More Tips and Tricks - Latest Security Tips (ISSN: 1603-9866)

    http://casescontact.org/tips_list.php   




    Administrative
         
    Author   Urs E. Gattiker - CyTRAP Labs
         
    Revisions  
  • 1.0 - 2005-09-20 - First Version
  • 1.1 - 2005-09-23 - Updated ==> more tools for your toolbar to fight phishing attacks
  • 1.2 - 2005-09-30 - Updated ==> Microsoft toolbar add-on tested by CyTRAP - available for free as Beta in English
    Contact details   Web: http://CASEScontact.org
    E-mail: support01@CASEScontact.org

    Tel: +41(0)76-200-7778 or +44(0)70-9237-6036
    Fax: +44(0)70-9237-6036, dial 3 send fax
     

    --END of ADVISORY - Important Info Below--
     
    We recommend that you VERIFY ALL ADVISORIES you receive IMMEDIATELY, by clicking on the link provided at the top of this alert.

    NO WARRANTY
    Any material furnished by CASEScontact.org is furnished on an 'as is' basis. CASEScontact.org, writers & sponsors make no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material.


    CASES writers & sponsors do not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
    Full DISCLAIMER notice at: http://www.casescontact.org/terms.php

    UNSUBSCRIBE
    If you no longer wish to receive this TIP ADVISORY, please Unsubscribe at:
    http://www.casescontact.org/unsubscribe.php

    QUESTIONS, comments, ideas? Cheer us up at: Tips-Comments at CASEScontact.org

    CASEScontact.org -- Threat Alerts and Security Notices --clear and precise, no compromise -
    --currently hosted by Flashcable

    -- END of TIP & Tricks ADVISORY--
    Copyright (c) 2007 by CyTRAP labs - Urs E. Gattiker. All rights reserved.