
Paper: Why Phishing Works

  • 03-04-2006 11:34pm
    #1
    Closed Accounts Posts: 17,208 ✭✭✭✭


    This paper gives an interesting insight into how phishing techniques are able to trick people into giving over their information.

    It's a very good read that offers a glimpse into the thoughts of a group of users who were asked to determine the real from the fake during a test of 19 websites, some phishing sites that were cunningly constructed.

    In some ways it tells us things we already know (users don't read dialogs before clicking "OK"), but other things are just scary.

    Who knew that Chinese, two "v" characters, and a bear would have so much in common...


Comments

  • Closed Accounts Posts: 884 ✭✭✭NutJob


    it works because not everyone is as nerdy as us and don't know what SSL is
    and are just happy things work when the big message goes away.

    Phishing will work until people are educated on the signs of problems and this will take time as it's not as easy to see as ATM fraud where hardware is stuck to the machine and can be physically shown to the person.

    In time phychies won't be a problem :D:D


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    It works because people are stupid and lazy.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    this tool reminds me of the Shellcode Generator written by Z0mbie a couple of years ago.
    everything in that was point/click.

    there are still a lot of things that could be used to fool people, even the most paranoid.
    like that man-in-the-middle IRC/IM scenario where a malicious program behaves as a proxy between 2 people who already know & trust each other.

    On IRC, an automated program could contact 2 people that know each other but on different servers, initiate a conversation with both before linking the 2 together & further monitoring the words exchanged.

    it could then identify keywords based on a list specified by the criminal gang & perform some procedure on these.

    one idea is to monitor keywords like "sex" or "mp3" which a lot of people use the internet for. When these keywords are identified in chat, send a URL address of the local host (proxy), a web server with exploits for particular browsers (analysed upon connection) can then be sent.

    (some irc servers nowadays allow the option of masking each user's hostname)

    say it's "mp3" the malicious program would send 2 strings to each user.

    "check out the mp3 http://malicious_www/mp3.html" (simplistic example)

    and it's assumed that because there is a level of trust between the 2 users, they would both visit the link where a server waiting to analyse the browser's request would then decide appropriate exploit to use.

    in case a situation arose where either one or both queried the address, the proxy would cut off communication until it had received at least one connection.

    this sounds more like a virus attack, but the proxy man-in-the-middle has never really been exploited yet I don't believe.

