An Introduction to Phishing for Noobies

[iterrorist]

What is Phishing: A noobs introduction to phishing and

scamming.



Source: Hacking Exposed 6: Network Security Secrets &

Solutions.

Feel free to sticky this in the Scamming section

considering it is pretty useful =p





Socio-Technical Attacks: Phishing and Identity Theft.

Although we think it's one of the more unfortunate terms

in the hacker vernacular, social engineering has been

used for years in security circles to describe the

technique of using persuasion and/or deception to gain

access to information systems. Social engineering

typically takes place via human conversation or other

interactions. The medium of choice is usally the

telephone, but it can also be communicated via an e-mail

message, a telecision commercial, or countless other

media for provoking human reaction.

Social-engineering attacks have garnered an edgy

technical thrust in recent years, and new terminology

has sprung up to describe this fusion of basic human

trickery and sophisticated technical sleight-of-hand.

The expression that's gained worldwide popularity is

phishing, which is defined as follows by the

Anti-Phishing Working Group (APWG)
[http://www.antiphishing.org]

Phishing attacks use "spoofed" e-mails and fraudulent

websites designed to fool recipients into divulging

personal financial data such as credit card numbers,

account user names and passwords, social security

numbers and in OUR case Warcraft and Steam and other

account details.

Thus, phishing is essentially classic social engineering

married to Internet technology. This is not to minimize

its impact, however, which by some estimates costs

consumers over $1 Billion annually, an amount that is

growing steadily. This section will examine some classic

attacks and countermeasures to inform your own personal

approach to "avoiding" such scams.

PHISHING TECHNIQUES

APWG is probably one of the best sites for cataloging

recent widespread scams. The common themes to such scams

include:

- Targeting financially consquential online users.
- Invalid or laundered source addresses.
- Spoof authenticity using familiar brand imagery.
- Compelling action with urgency.


As one might imagine, phishing scam artists have very

little desire to get caught, and thus most phishing

scams are predicated on invalid or laundered source

addresses. Phishing e-mails typically bear forged "From"

addressed resolving to nonexistent or invalid e-mail

accounts, or are typically sent via laundered e-mail

engines on compromised computers and are thus irrelevant

to trace via standard mail header examination

techniques. Similarly, the websites to which vistims get

directed to enter sensitive information are temorary

bases of operation on hacked systems out on the

Internet. If you think phishing is easy to stomp out

simply by tracking the offenders down, think again.

The success of most phishing attacks is also based on

spoofing authenticity using familiar brand imagery.

Again, although it may appear to be technology driven,

the root cause here is pure human trickery.

Even more deviously, more sophisticated attackers will

use a broawser vulnerablilitu or throw a fake script

window accross the address bar to dis***** the actual

location.






Regards,

iTerrorist

[Tierman]

wtf is this shit?

[Lost Captain]

This is spartaaaaaa

[Deadly Tomato]

Sorry, this is a copy and paste as yo usay, but it's meant to be for a new person! Too much jargon

[iterrorist]

Nah it is not copy and paste I retyped it and its hardly complecated. The whole point of all this is to help people learn about scamming which doesn't comprise of handing them everything on a plate, the idea would be you read the article and then research what you don't understand which in turn will lead on to more learning....the way its supposed to be done.

[Deadly Tomato]

"The success of most phishing attacks is also based on

spoofing authenticity using familiar brand imagery.

Again, although it may appear to be technology driven,

the root cause here is pure human trickery. "

[iterrorist]

How the article was written is not my choice, I enjoyed it and found it useful and thought I would throw it up here for you guys...