Phishing is a form of cyber crime that poses a potential threat to both consumers and businesses. It has spread over the past few years, and its deceptive tricks are endless. The current economic downturn also provides a breeding ground for phishing, and new social engineering techniques are being used to defraud unwitting consumers and business users.
First, phishing without boundaries
Phishing, which lures computer users into providing sensitive information and leads to identity theft and the loss of business data, is a very real threat to both businesses and consumers. Over the past 10 years phishing has become pervasive, with about 8 million phishing attacks around the world every day.
The Anti-Phishing Working Group (APWG) reported that in the second quarter of 2008 phishing attacks rose by 13%, to more than 28,000. It also reported that in the same period the number of compromised websites used to spread malicious code that infects computers and steals passwords reached 9,500, an increase of 258% compared with the same period in 2007. Figure 1 shows the growth of spear phishing over 16 months.
Second, beware of the latest phishing schemes
* Spear phishing
Spear phishing attacks are aimed only at specific targets. The target is usually not the general public but the members of a particular company or organization, such as well-known banks and financial companies and their executives.
Consumers are not the only targets of spear phishing. More and more employees are being eyed by cunning criminals, whose goal is to obtain bank information, customer data and other information to support their online criminal activity.
According to VeriSign iDefense, spear phishing attacks launched against companies between April and May 2008 reached unprecedented levels. These attacks were aimed at companies' senior management and other important figures. In 15 months, the number of corporate users who fell victim reached a staggering 15,000. The victims include Fortune 500 companies, government agencies, financial institutions and law firms.
* Business services phishing
In addition to spear phishing, new phishing schemes also target commercial services. For example, Yahoo!'s services and Google's AdWords have been used for phishing. According to a PhishTank report, AdWords customers receive an e-mail reminding them that their accounts need to be updated. The user is then asked to visit a fake AdWords interface and enter credit card information. Because many SMEs rely on online advertising to bring in site traffic, marketing managers are vulnerable to being targeted by phishers.
* Phishing attacks that exploit economic fears
The gloomy economic situation makes it easier for criminals to launch phishing attacks. For example, an e-mail posing as a financial institution claims that it needs the victim's bank card, deposit, loan and other financial information in order to handle a bankruptcy, merger, acquisition or similar matter. The large volume of merger and acquisition news leaves consumers confused. To make matters worse, the lack of consistent communication leaves fraudsters with nothing to fear.
* Hybrid phishing / malware threats
To increase their success rate, a number of phishing attacks are combined with malicious software. For example, a potential victim receives a phishing e-card by e-mail. On clicking the card, the user is unknowingly taken to a fake Web site, and the infected site automatically downloads a Trojan. Alternatively, the victim may see a message saying that updated software (e.g. Flash) must be downloaded before the card can be viewed. When the user installs the software, it is in fact a keylogger.
A phishing-based keylogger tracks every site the user visits and watches for useful information, such as online shopping and bank card accounts, passwords and other sensitive information.
Another kind of Trojan that allows phishers to capture sensitive information is the redirector. A redirector sends the user to a site other than the one they intended to visit. At present, phishing-based keyloggers and redirectors are both widespread.
* Man-in-the-middle SSL penetration attacks
In 2008, a new kind of malicious software emerged that enables criminals to spoof an encrypted session. It is a variant of the standard man-in-the-middle attack, which gives criminals access to passwords and other sensitive information transmitted unprotected over the network.
* SMS and phone phishing scams
Phishers may use SMS instead of e-mail to impersonate a financial institution and obtain confidential account information. Known as smishing (phishing by short message), this is a typical mobile phone fraud: it notifies the user that a bank account has been compromised or a bank card disabled, and asks the user to make a telephone call to restore banking services. Once the mobile phone user visits the Web site or goes through the automated telephone system, they are tricked into disclosing financial information and the bank PIN.
Third, the impact of phishing on business
While the financial industry has always been a major target of phishing attacks, it is not the only one. Online payment, donation, retail and social networking sites often fall prey to phishers. The Anti-Phishing Working Group (APWG) reported that phishing attacks against mobile phone providers and manufacturers also showed significant growth. In other words, no industry or field is safe from attack.
Phishing attacks that pose as a company's official website seriously damage the company's brand image and undermine users' confidence, so that users no longer dare to visit the official site. In addition, the company suffers the following effects:
* Customer trust is affected, and online revenue and click-through rates decline
* Once customer data is leaked, the company has to pay compensation
Phishing attacks also make users hesitant to conduct online transactions, especially with those they do not trust.
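Fourth, preventing phishing attacks
Although there is no way to deal with phishing attacks once and for all, you can still use certain techniques to protect your users and your interests. Current phishing techniques still rely mainly on luring users into logging in to forged websites in order to obtain their information. Technologies such as SSL and EV SSL still play a vital role in guarding against phishing and other forms of cyber crime.
The best practice for achieving security is to enable the highest level of encryption and authentication. SSL, the world-class standard for Web security, encrypts and protects information transmitted over the HTTPS protocol. The vast majority of current operating systems, Web browsers, Internet applications and server hardware have built-in support for SSL.
To help prevent phishing attacks effectively and to strengthen user trust, companies also need a way to prove to users that theirs is a legitimate website. EV SSL certificates can help businesses achieve this. EV SSL is a new standard of strict identity verification for SSL certificates, drawn up jointly by the world's leading digital certificate authorities and the major browser developers. It allows the new generation of secure browsers (such as IE7) to recognize an EV SSL certificate and display the address bar in green, so that ordinary consumers can be sure that the website they are visiting is a real-world entity whose identity has been strictly verified by an authoritative third party. This strengthens consumer confidence and leads to more online transactions.
Although cyber criminals are becoming better and better at imitating legitimate websites, they do not have EV SSL certificates, so the address bar cannot display legitimate identity information for them.
Besides using EV SSL certificates, businesses should also educate employees and users about online behaviour and how to avoid fraud. Teach them how to recognize counterfeit websites by signs such as spelling errors, insistent demands that the user provide personal information, forged domain names or unknown links.
Also teach your customers and employees how to recognize a valid, secure website before they provide any personal or other sensitive information:
* Look for the green address bar
* Make sure the URL is HTTPS
* Check the security digital certificate
Educating employees and customers is a key part of building the trust needed to dispel the fear that phishing attacks create. By helping customers understand how to confirm whether they are logging in to a legitimate website, businesses can gain more online transactions and user visits, and increase their visibility and overall sales.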
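The URL-level checks described above (HTTPS, misspelled or forged domain names, unknown links) can be automated, for example in a mail gateway or a training tool. The following Python sketch is an added example, not part of the original article; the domain names and the allowlist are constructed, and the certificate and green-address-bar checks are not covered.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the organization really operates (assumption).
LEGITIMATE_DOMAINS = ("examplebank.com", "examplepay.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot misspelled look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    """Last two labels of the host (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])

def check_link(url: str) -> list:
    """Return warnings a user should heed before entering data at `url`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    domain = registered_domain(host)
    if domain in LEGITIMATE_DOMAINS:
        return warnings
    # Spelling errors: one or two characters away from a real domain.
    near = [d for d in LEGITIMATE_DOMAINS if edit_distance(domain, d) <= 2]
    # Forged domain: the real name is only a prefix label of another domain.
    embedded = [d for d in LEGITIMATE_DOMAINS if d in host]
    if near:
        warnings.append(f"misspelled look-alike of {near[0]}")
    elif embedded:
        warnings.append(f"{embedded[0]} appears only as a subdomain label")
    else:
        warnings.append("unknown domain")
    return warnings

if __name__ == "__main__":
    for sample in ("https://www.examplebank.com/login",      # constructed samples
                   "http://examp1ebank.com/login",
                   "https://examplebank.com.account-verify.test/"):
        print(sample, "->", check_link(sample) or "no warnings")
```

An empty result only means the link passed these URL checks; the certificate details still have to be inspected in the browser.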
Summary
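Phishing will continue to evolve into new forms that try to exploit people's natural sympathy, trust or curiosity in round after round of phishing campaigns. Protecting the company's brand and its customers therefore requires unremitting effort. Using the highest level of security measures and EV SSL certificates to educate and protect your customers gives them full confidence in the company's online services.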