2007 May 25 - Fri
Phishers can use social Web sites as bait to net victims: Informatics study Indiana University (05/24/07)
Personally, I've been able to identify phishing emails as they arrive, and promptly
delete them. Indeed, some are quite tempting and realistic, but if one looks at the links
closely, the imposters can be separated from the real thing.
If there is ever any confusion, I'll go to the source directly, bypassing the link, and type
in the correct link directly.
An ACM Newsletter speaks of a study that
shows that separating the wheat from the chaff is becoming more difficult. Here is what
they say:
Popular social network sites such as Facebook and MySpace are being used by
cybercriminals to gather personal information to create targeted phishing attacks, according
to Indiana University School of Informatics researchers. In their study, "Social Phishing,"
the researchers established a baseline for the success rate of traditional and social
network-based phishing attacks. Phishers steal personal information by sending authentic
looking requests, either by email or instant messaging, asking someone to click on a link
and submit their information on what looks like a legitimate Web site. "Phishing has become
such a prevalent problem because of its huge profit margins, ease in launching an attack,
and the difficulty of identifying and prosecuting those who do it," says associate professor
of informatics and computer science Filippo Menczer. "Our study clearly shows that social
networks can provide phishers with a wealth of information about unsuspecting victims." The
study sent email messages to two groups of students asking them to enter their university ID
and password. One group received an email from what they thought was a friend, while the
other group received an email from a stranger. Only 16 percent of students who received an
email from a stranger entered their information, while 72 percent of those receiving emails
from "friends" gave away their information. Associate professor of informatics and member of
the research team Markus Jakobsson says they were astonished by the 72 percent response
rate. The researchers suggested some countermeasures to prevent phishing, including digital
signatures on emails to verify the source, browser toolbars that alert users to spoofing
attempts, spam filters that detect spoofed emails, and providing users with a secure path to
enter passwords, alerting users that they are trying to authenticate to an unknown site. The
study is scheduled to be published in the October 2007 issue of Communications of the ACM.
The full article can be found at Indiana
University.