Mink Machine

The modern plague of phishing

Once upon a time, the so-called Nigerian letters were adapted into online versions by devious spammers. They were basically email versions of advance fee fraud, and I suppose a few people also fell for the traditional scams delivered by snail mail. Unfortunately the spammers have evolved along with the rest of the world. What the attackers exploit has shifted from a lack of “common sense” to a lack of “advanced computer knowledge”.

Phishing and other fraud based on social engineering techniques have expanded a lot in recent years, and they turn up in email, IM, blog comments and more. Anti-phishing filters are having a hard time keeping up with the attackers. There are often several clues that reveal a phishing attempt, such as spelling errors, an IP address in the link instead of a host name, and a lack of personalization in the message.

However, modern tricks such as IDN spoofing (look-alike domain names built from international characters) and cross-site scripting make it hard for casual surfers to detect the phishing attempt. Even Hanselman got phished (and immediately felt embarrassed). If computer-savvy experts fall prey to this kind of scam, it has definitely gotten bad. How can we as developers better protect the average web citizen?
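One small defender-side measure, as an added example that is not part of the original post: a Python triage routine that checks the host part of each link in a message for two of the clues mentioned here, a bare IP address where a host name is expected and IDN look-alikes (labels mixing scripts, or already in punycode form). The sample links and the punycode-style label are constructed for the example.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Constructed sample links, as they might appear in a suspicious message.
# The Cyrillic 'е' (U+0435) in the second host mimics a Latin 'e'.
SAMPLE_LINKS = [
    "http://192.0.2.10/login",                # bare IP instead of a host name
    "https://nord\u0435a.example/login",      # IDN look-alike, mixed scripts
    "https://xn--nrdea-hcb.example/login",    # constructed punycode-style label
    "https://bank.example/login",             # plain ASCII host, no warning
]


def script_of(ch: str) -> str:
    """Return the script of a letter ('LATIN', 'CYRILLIC', ...), '' otherwise."""
    if not ch.isalpha():
        return ""
    return unicodedata.name(ch, "").split(" ", 1)[0]


def link_warnings(url: str) -> list[str]:
    """Return the clues from the post that apply to a single URL's host part."""
    host = urlsplit(url).hostname or ""
    reasons = []
    try:
        ipaddress.ip_address(host)        # accepts IPv4 and IPv6 literals
        reasons.append("ip-address-host")
    except ValueError:
        pass                              # a normal host name, keep checking
    for label in host.split("."):
        if label.startswith("xn--"):      # browser would show the IDN form
            reasons.append("punycode-label")
        scripts = {s for s in map(script_of, label) if s}
        if len(scripts) > 1:              # e.g. Latin letters plus one Cyrillic
            reasons.append("mixed-script-label")
    return reasons


def triage(links) -> dict[str, list[str]]:
    """Map every URL that trips at least one heuristic to its reasons."""
    return {u: w for u in links if (w := link_warnings(u))}


if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_LINKS).items():
        print(f"{url}: {', '.join(reasons)}")
```

These checks only cover the host part; a link whose host looks fine can still point at a phishing page, so they complement rather than replace the blacklists mentioned below.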

Modern browsers such as Firefox 2, Opera and Internet Explorer 7 contain anti-phishing support based on blacklists of known phishing sites. Anti-phishing toolbars can help by displaying the real domain name of the page you are on. But technology can’t save people from themselves, which is one of the reasons why social engineering techniques are so devious and hard to counter. In the end, it often comes down to common sense:

Would you give your car key to someone in the street claiming to be a mechanic for free? Not likely.

Would you send your bank account number and PIN code in plain text to someone on the internet claiming to work for your bank? Apparently several people seem to think this is a great idea.

Software developers are putting a lot of effort into getting rid of the phishing threat, but that doesn’t justify anyone shutting off their brain entirely as soon as they connect to the web.

2 comments

  • Mandus
    18 Jul, 2007

    I guess part of the problem is the general opinion that most stuff on the internet is/should be free. The free mechanic in real life is usually a good friend or relative; on the internet it could be the open source community giving you quality software for free, or some dubious company wanting to scan your computer for viruses and other stuff.
    That said, one of the e-mails regarding Nordea (a Swedish bank facing a lot of problems with phishing attacks) actually found its way into my inbox a while back. The grammar was quite bad, no signs of the letters åäö and a very unprofessional feel to the layout make it hard to believe that anyone would fall for that.
    But then again, you can find most of that if you ask for a flyer at your local pizza delivery. Even if I would be genuinely surprised if they asked me for my account name and password. ;)

  • 19 Jul, 2007

    Yeah, I’ve also got a few of the “Nordea” phishing mails. They are hilarious! I especially enjoy the sender “Nordea fraudkampavdelningen”.
    I suppose the spammers would be more successful if they managed to translate it better and avoid dozens of spelling errors in a supposed letter from a large bank.
