Symantec informed about the situation of spam and phishing in March, in which Brazil, Russia, India and China (BRIC) have the volume increase for the first time since August last year. The volume of spam daily average increased by 8.7 percent in February compared with the previous month. Overall, spam accounts for 80.65 percent of all email in that month, compared with 79.55 percent in January (28 / 3).
Symantec also observed a mass phishing attacks in February on a famous brand credit card services. There are URLs in the attacks which are all protected using Secure Socket Layer (SSL). To make a phishing site that uses SSL, phishers have to make a fake SSL certificate or original certificate attack to get the encryption on the site.
Symantec observed that phishing sites that use SSL are very few, in a kind of assault, carrying more than 100 phishing URLs that use a fake SSL certificate. Attackers do so by providing a phishing site on a single IP address is broken down into a number of domain names. SSL certificate with the date of issuance in 2006 and ended in 2007 was not valid, but the main motive of the phishers create sites appear legitimate and convincing users that the site is safe.
Phishing sites are fake a name credit card services, which target customers from Switzerland and phishing pages using the French language. Users are asked to provide login credentials of a famous brand of e-commerce. There, phishers attempt to gather confidential information from these two brands with the same phishing attacks. This phishing site hosted on a server located in California, USA.
Phishing site requesting personal information in a two-step process. The first step is to verify user identity. Here, users are asked to enter your name, date of birth, address, email and passwords of e-commerce brands, and the birth mother's middle name. The second step asks banking data including bank name, bank ID, the card owner's name, card type, card number, personal code, the card end date, and CVV number. After entering personal information, phishing sites redirect to a blank web page. If users become victims of a phishing site, the phishers will successfully steal their information to obtain financial gain.
Symantec provides some tips for users to be more careful in doing various activities in cyberspace, such as the following:
* Unsubscribe from the mailing list if you do not want to receive messages
again from the mailing list.
* Be selective in terms of site when you register your email address.
* Avoid displaying your email address on the Internet, and use your own email
address which is not your primary email.
* Report spam if you have the option to do so.
* Delete all spam
* Avoid clicking on suspicious links in emails or IM messages, because it could
be connected to a fake site.
* Ensure that the operating system is always updated with the latest updates,
and use a comprehensive package of security software.
* Consider the anti-spam solution that has a good reputation to handle the
filtering in your entire organization, such as Symantec Brightmail messaging
security solutions family.
* Not open email attachments from unknown. This attachment can infect your
computer.
* Usually the forged email address, and reply to email spam spam spam will
result in another, so you do not reply to spam email.
* No fill out forms in messages that request personal or financial information
or passwords, for leading the company is unlikely to ask for your personal
information via email
* No purchase products or services from spam messages
* Not open spam messages
* No forward any virus warnings you receive via email, as it may be this is the
news lie / hoax.
source : www.symantec.com
http://chip.co.id/news/read/2011/03/29/478424/Waspadai.Spam.dan.Phising.dari.Email.dan.Situs.Bersertifikat
0 komentar:
Posting Komentar