Wednesday, February 27, 2013

Phishing for Romance

Phishing is a type of online fraud that tries to trick you into revealing personal financial information, passwords, credit card numbers, etc. In most cases, phishing takes the form of an e-mail message claiming to come from a bank, credit card company, online retailer or some other legitimate source. Take the SonicWALL Phishing and Spam IQ Quiz (available at http://www.sonicwall.com/phishing/).

Phishing is a form of social engineering in which an attacker, also known as a phisher, attempts to fraudulently obtain legitimate users’ confidential or sensitive credentials by mimicking electronic communications from a trustworthy or public organization in an automated fashion (Jakobsson, 2007). Phishing techniques circumvent an organization’s or individual’s security measures. They nullify firewalls, authentication software, and encryption because most “phishers” nowadays use social engineering to entice possible targets.
Attackers can use different methods of phishing, ranging from simple phone phishing to website forgery.

The most commonly used method is e-mail. Attackers can send large numbers of e-mails by using botnets or zombie nets. They flood inboxes with fraudulent e-mails containing links that direct recipients to a phishing website.
Modified versions of this method have been seen over the years, and the profile of possible targets also changes. One version is the so-called Romance Scam. Victims receive an e-mail from an individual stating that he/she saw the victim’s account on a social network and proclaiming his/her “love”.

Men and women in their mid 40s to 70s with a status of separated or widowed are the most likely targets of this scam. Once contact is made, the primary goal of the “lover” is to create a rapport with the victim. He/she tells the victim that he/she is an engineer for a company, has a young daughter, and is currently based in London or California.

The “lover” will send countless love poems or letters, which are likely copied and pasted, to the victim professing his/her eternal love. Once the victim is groomed, the “lover” will pitch that he/she wants to marry the victim and promise to send money to buy their dream house.

Victims experience an ecstatic feeling of joy that overrides their common sense.
Now that the victim is “hooked”, the scam artist will create a story about how the victim can receive the promised money.
The victim is told that an e-mail from a bank will arrive containing a transaction slip that needs to be processed and signed by the victim.

The transaction slip is almost a true copy of the real one but with some modifications. Some versions contain a field where the victim must enter the CVN/PIN of his/her credit card or bank account. The victim’s signature is also required, and once the scam artist receives the slip, the account or credit card is used fraudulently to purchase items.

This is a good example of how emotions can contribute to the success of fraudulent activities. It is human to make mistakes, but that is no reason not to be vigilant. To prevent such fraud, users should exercise better judgment and not fall for false pretenses.

The technically savvy should not dismiss the fact that technology is also a factor. The lack of information or outdated information greatly contributes to this issue. Developers must go beyond blaming users if they expect to deploy effective countermeasures against phishing attacks (Hong, 2012).

Telltale Signs of a Romance Scam
  • An indication that your profile was seen on a social website
  • Attackers proclaim their “love” the minute you answer their e-mails
  • The use of an appealing intro, such as an engineer for a petroleum company, a widowed architect, or a businessman traveling from country to country, followed by the heartwarming indication that his/her spouse has died in an accident, leaving a young daughter
  • Asking for personal information regarding bank accounts, credit cards and other monetary information
  • Asking for monetary assistance for certain circumstances, such as being held at the airport by customs officials or a tax that needs to be paid for a luxury item
  • Promising ridiculous amounts of money to the victim
  • When chatting with the scammer, his accent is clearly not that of his stated birthplace
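The signs above that can be checked from message text alone can be turned into a simple triage score for incoming mail. This is an added example, not part of the original post; the patterns, weights, threshold and both sample messages are constructed for illustration.

```python
import re

# One rule per text-checkable sign in the list above: (name, weight, pattern).
# Patterns, weights and the threshold are assumptions made for this example.
# The accent sign is left out because it cannot be judged from message text.
RULES = [
    ("profile_seen", 1, r"\b(saw|seen|found)\s+your\s+(profile|account|photo)\b"),
    ("instant_love", 2, r"\b(i\s+love\s+you|my\s+love|soul\s?mate|love\s+of\s+my\s+life)\b"),
    # Stock persona: a profession plus a bereavement story anywhere in the message.
    ("stock_persona", 1, r"(?=.*\b(engineer|architect|businessman)\b)"
                         r"(?=.*\b(widow(ed|er)?|died|passed\s+away)\b)"),
    ("financial_details", 3, r"\b(cvn|cvv|pin|card\s+number|account\s+number)\b"),
    # Money request: a pretext (customs, tax, fee) plus a payment verb.
    ("money_request", 3, r"(?=.*\b(customs|tax|fee)\b)(?=.*\b(pay|send|wire|transfer)\b)"),
    ("large_promise", 2, r"[$£€]\s?\d[\d,]{5,}|\b\d+(\.\d+)?\s*million\b"),
]
COMPILED = [(name, weight, re.compile(pat)) for name, weight, pat in RULES]

def score_message(text):
    """Return (total_score, names_of_matched_signs) for one message body."""
    flat = " ".join(text.lower().split())  # one line, so patterns can span line breaks
    hits = [(name, weight) for name, weight, rx in COMPILED if rx.search(flat)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def triage(text, threshold=5):
    """Flag a message for human review when its combined score reaches the threshold."""
    score, signs = score_message(text)
    return {"score": score, "signs": signs, "flag": score >= threshold}

# Constructed sample messages (not real mail).
SCAM_SAMPLE = """Hello dear, I saw your profile on a social network and I love you already.
I am an engineer for a petroleum company, widowed, with a young daughter.
I will send you $2,500,000 for our dream house. The bank needs your account number
and PIN on the attached transaction slip. Customs is holding me at the airport,
please send the tax fee today."""
BENIGN_SAMPLE = """Hi Sam, the engineer confirmed the site visit for Tuesday.
Please send the signed agenda and let me know if the time works."""

if __name__ == "__main__":
    for label, body in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage(body))
```

A single weak sign, such as a profession being mentioned, never reaches the threshold on its own; the flag depends on several signs appearing together, which matches how the scam unfolds.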


References
  • Jakobsson, M. and Myers, S. (2007) “Phishing and Counter measures: To Understand the Rising Dilemma of Electronic Individuality Theft”, John Wiley & Sons Inc.
  • Hong, J. (2012) “The State of Phishing Attacks”, Communications of the ACM, Vol. 55, No. 1, pp. 74-81.


Elad Shalom,
CTO at ITweetLive.com
