Stinkysteve
07-23-2004, 12:56 PM
Story here:
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23905029
Microsoft Pitches Into Phishing Battle
By TechWeb News
Microsoft on Wednesday said it would contribute both software and a paid analyst to a forensics organization that's fighting phishing scams.
The Redmond, Wash.-based developer is handing over $46,000 in software and the services of a full-time analyst to the National Cyber-Forensics and Training Alliance (NCFTA), a group created by the FBI, the National White Collar Crime Center (NW3C), and others.
The analyst's primary responsibility will be to analyze data related to phishing attacks, although he'll also assist in investigating data about compliance with the CAN-SPAM Act, the federal anti-spam legislation that went into effect Jan. 1.
The analyst will be drawn from Microsoft's Internet Safety Enforcement group.
Phishing scams typically begin with spammed e-mail messages that entice users to fake Web sites which mimic legit sites. Once at the bogus site, consumers are asked to enter passwords and other confidential information, such as bank and credit card numbers.
Phishing attacks have skyrocketed this year, increasing nearly 200 percent http://www.securitypipeline.com/showArticle.jhtml?articleID=20900320 in April over the previous month, and have been linked to organized crime rings in Eastern Europe. http://www.securitypipeline.com/showArticle.jhtml?articleID=22104197
"The tactics of spammers, hackers, and other online con artists are becoming increasingly sophisticated," said Nancy Anderson, deputy general counsel for Microsoft, in a statement. "These collaborative partnerships among law enforcement, government, industry, and academia are one important mechanism to contain this illegal and destructive activity, and restore consumer confidence in the Internet."
Related story:
http://www.internetweek.com/breakingNews/showArticle.jhtml;jsessionid=FYBOYK1XN4KYWQSNDBCCK HY?articleID=23904994
Instant Messages Carry Latest Phishing Scams
By Dan Neel, CRN
Phishing schemes have moved into the realm of instant messaging.
Security experts on Thursday reported that instant message advertising links to malicious URLs have begun appearing, and that such URLs could be phony Web site fronts used for phishing scams.
Phishing is the act of recreating a clone of a commercial Web site--typically a banking, investment firm or retail Web site--then luring the customers of the legitimate sites to the clone with requests to update personal information like passwords. Once user names and passwords are obtained by the "phishers," victims of the scam risk having their accounts emptied.
One sample phishing scam sent an instant message pop-up reading "you have been sent a picture. To view it, Click here," wrote George Bakosto, an event handler at the Internet Storm Center, Bethesda, Md., in a statement on its Web site. "In this sample, "the From address is four random letters. However, a trusted name could be used."
Of this new form of phishing, Bakosto wrote, "It is important to understand that most instant messaging systems use only weak authentication schemes. Instant messaging is not a tool for exchanging confidential information. Only few instant messaging systems allow for encryption and sophisticated authentication. If you need instant messaging to communicate confidential information, use a system that allows you to control the server and provides for encryption and reasonable authentication. Jabber is an example of a free package [with these capabilities]."
Similar instant messaging schemes have been used a few times in the past to distribute viruses, according to Bakosto.
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23905029
Microsoft Pitches Into Phishing Battle
By TechWeb News
Microsoft on Wednesday said it would contribute both software and a paid analyst to a forensics organization that's fighting phishing scams.
The Redmond, Wash.-based developer is handing over $46,000 in software and the services of a full-time analyst to the National Cyber-Forensics and Training Alliance (NCFTA), a group created by the FBI, the National White Collar Crime Center (NW3C), and others.
The analyst's primary responsibility will be to analyze data related to phishing attacks, although he'll also assist in investigating data about compliance with the CAN-SPAM Act, the federal anti-spam legislation that went into effect Jan. 1.
The analyst will be drawn from Microsoft's Internet Safety Enforcement group.
Phishing scams typically begin with spammed e-mail messages that entice users to fake Web sites which mimic legit sites. Once at the bogus site, consumers are asked to enter passwords and other confidential information, such as bank and credit card numbers.
Phishing attacks have skyrocketed this year, increasing nearly 200 percent http://www.securitypipeline.com/showArticle.jhtml?articleID=20900320 in April over the previous month, and have been linked to organized crime rings in Eastern Europe. http://www.securitypipeline.com/showArticle.jhtml?articleID=22104197
"The tactics of spammers, hackers, and other online con artists are becoming increasingly sophisticated," said Nancy Anderson, deputy general counsel for Microsoft, in a statement. "These collaborative partnerships among law enforcement, government, industry, and academia are one important mechanism to contain this illegal and destructive activity, and restore consumer confidence in the Internet."
Related story:
http://www.internetweek.com/breakingNews/showArticle.jhtml;jsessionid=FYBOYK1XN4KYWQSNDBCCK HY?articleID=23904994
Instant Messages Carry Latest Phishing Scams
By Dan Neel, CRN
Phishing schemes have moved into the realm of instant messaging.
Security experts on Thursday reported that instant message advertising links to malicious URLs have begun appearing, and that such URLs could be phony Web site fronts used for phishing scams.
Phishing is the act of recreating a clone of a commercial Web site--typically a banking, investment firm or retail Web site--then luring the customers of the legitimate sites to the clone with requests to update personal information like passwords. Once user names and passwords are obtained by the "phishers," victims of the scam risk having their accounts emptied.
One sample phishing scam sent an instant message pop-up reading "you have been sent a picture. To view it, Click here," wrote George Bakosto, an event handler at the Internet Storm Center, Bethesda, Md., in a statement on its Web site. "In this sample, "the From address is four random letters. However, a trusted name could be used."
Of this new form of phishing, Bakosto wrote, "It is important to understand that most instant messaging systems use only weak authentication schemes. Instant messaging is not a tool for exchanging confidential information. Only few instant messaging systems allow for encryption and sophisticated authentication. If you need instant messaging to communicate confidential information, use a system that allows you to control the server and provides for encryption and reasonable authentication. Jabber is an example of a free package [with these capabilities]."
Similar instant messaging schemes have been used a few times in the past to distribute viruses, according to Bakosto.