Phishers Could Trawl With Pre-Phishing Attacks
David Utter Staff Writer
2007-04-24
If a pre-phishing attack works, it gives up a couple of pieces of information to the attacker: a username and password combo for a 'non-critical' website, and the fact that the recipient might be credulous enough to fall for other phishing attacks.
Patience may be a virtue for some online criminals. A minor phishing attempt could lead to a greater payoff later, setting the stage for future attempts to make illicit financial gains.
Symantec researcher Nick Sullivan discussed the concept of pre-phishing on the company's Security Response Weblog. This reconnaissance shows the attacker how successful other phishes could be if a phish of a non-critical site works first.
"A site is considered non-critical if access does not give an attacker an immediate financial payoff. Examples of non-critical sites are Web-based email accounts and social networking sites," Sullivan said.
After a successful phish, the attacker has a login combination that could work on other sites. Sullivan described how, to get an idea of places to try, a spammer could place a CSS history hack on the phishing website to grab a list of places the person visits.
If that yields sites like online banking or retailers, the criminal can try to log in with the stolen non-critical credentials. A valid login will probably lead to a quick theft of funds, or an order from a retailer that would be directed to another address.
"Each successful pre-phishing recon attack will give an attacker a profile to be used in future context-aware attacks," said Sullivan. "The type of context-aware phishing attacks that can be thought up using this set of information is limited only by the attacker's creativity."
---
Tags: Phishing, Computer, Security
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.