Where Could Your Phished Stolen Data End up?
Phishing is an attempt to fraudulently obtain sensitive
information from someone, such as credit card details, user name and
Computer Users are often deceived by Instant messaging or an email
message that directs them to a false website where they are asked
for sensitive information.
These requests can come from popular websites like Facebook,
MySpace, eBay, Yahoo, etc.
Another part of this deceitful phishing process is achieved by "keylogging"
where keystrokes and mouse operations are recorded, and screen shots
are captured enabling access to the
Protected Storage Area in Windows. This is where Internet Explorer
According to an Anti-Phishing Working Group (APWG)
recent report(*) - the number of crimeware web sites used to host
phishing and pharming attacks, spoofed web sites, and other sites
that host malware of various types more than tripled between July
2007 and July 2008.
The updated APWG study shows that phishers are constantly adapting
as they find new opportunities and react to anti-phishing efforts.
Your Phished Stolen Data - where it might end up
Security researchers are concerned that identity thieves and
hackers are not just using phishing and keyloggers to steal
sensitive data but the information captured in this way is often
placed on unprotected FTP sites(a method that allows users to copy
files between their local system and any system they can reach on a
network) making it available to anyone who encounters it.
These FTP sites are packed with stolen information from all over
the world and in many languages. The data held there includes
Hotmail, Yahoo and other email account information, IP addresses,
other usernames and passwords, etc.
Criminals use complex and sophisticated methods to sift through
these data to find what they are looking for, like passwords, bank
account numbers, credit card numbers, etc.
Despite the obvious dangers, there are still many people who
neglect PC security and use their PC without anti-virus protection
or spam blockers.
If your PC is unprotected, criminals can place and use
surreptitious programs on your PC to contact the web. Therefore, it
is essential that your firewall is capable of protecting your PC
from this type of danger - not all built-in firewalls do.
Take particular note the following safeguards:
Don't react to urgent or excitable requests for personal
Remember that banks do not ask for
password details via email.
Don't click on embedded links - type the website address
the web browser. Contact your bank if you
Note that e-commerce companies usually personalize their
Always check the website address line to verify.
Criminals are now replicating the "https://"
that appears when you are
on a secure server. They are also duplicating the
yellow lock that
appears at the bottom of the page which contains
certificate number for the site. If you get a
message saying that the
security certificate number does not match the
site address you should
close your browser.
Install a web browser toolbar that identifies and
protects you from
known phishing websites.
Report all phishing attempts as soon as possible.
(*) The Anti-Phishing Working Group (APWG) is dedicated to
reducing identity theft and fraud through monitoring and combating
phishing, pharming, and email spoofing.
phished stolen data,
.. Richard Rossbauer
me on Twitter