Untitled Document

'Phishing' expeditions compromise security

Despite the best efforts of network technicians and cyber security officers, occasionally e-mails sneak through that can threaten data security.

The SANS (SysAdmin, Audit, Network Security) Institute, recently produced a list of the Internet’s 20 most critical computer and network security vulnerabilities. It is the largest source for information security training and certification in the world and develops, maintains and makes available at no cost the largest collection of research documents about information security. SANS also operates the Internet’s early warning system, Internet Storm Center.

ITD Cyber Security Officer Forrest Anderson calls special attention to new forms of “phishing” that can coax Internet users into unknowingly exposing personal information.

“The reason I am emphasizing the Phishing Threat is because some Phishing e-mails still get through the state’s Spam filters and some of these newer types of Phishing have been reported,” Anderson explains. “Please use the link (SANS Top 20) and see what other threats are prevalent throughout the Internet.”

Voice Phishing
A newer form of phishing replaces a Web site with a telephone number. In this form of phishing, an e-mail tells you to call a specific number where an audio response unit, at the end of a compromised voice phone line, waits to take your account number, personal identification number, password, or other valuable personal data.

The person/audio unit on the other end of the voice phone line might claim that your account will be closed or other problems could occur if you don't respond.

Spear Phishing
Spear phishing is a highly targeted phishing attack. Spear phishers send e-mails that include information about staff or current organizational issues that make it appear genuine to employees or members within a certain company, government agency, organization, or group.

The message may look like it comes from your employer or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems. The message could include requests for user names or passwords or tell recipients to download malicious attachments from an infected Web site. Some reports show that the senior management of an organization, such as the CEO, president or vice president, may be targeted with the most sophisticated attacks.
Spear phishing has become one of the most damaging forms of attacks on military organizations in the US and other developed countries. Attackers gain user name and password information and then break in to ex-filtrate sensitive military information.

Definition of Phishing: Online identity theft
Identity theft is the phrase used to describe an action where a person uses the identity of another to fraudulently obtain credit, goods, services or to commit crimes. Examples of these crimes are bank and credit card fraud, wire fraud, mail fraud, money laundering, bankruptcy fraud and computer crimes.

With the advance of the Internet, the traditional fraud schemes became magnified, in particular with online identity theft crimes.

The word "phishing" was first used around 1996 when hackers began stealing America On-Line accounts by sending e-mail to AOL users, that appeared to come from AOL.

Phishing attacks now target users of online banking, payment services such as PayPal, online e-commerce sites, and Web-based e-mail sites. Phishing attacks are growing quickly in number and sophistication. In fact, most major banks in the USA, the UK and Australia have been hit with phishing attacks