New Phishing, Scam Tactics Become Tougher To Detect

Fraudsters are constantly looking for new methods of stealing personal information, making traditional ways to spot illegitimate sites or potential malware attacks ultimately useless. Graham Cluley reports the emergence of two new cyber crime tactics.


Tactic #1: JavaScript Redirect

Phishing has been a favored practice of criminals for decades. And why not? It has proven highly successful for stealing personally identifiable information (PII). Traditionally, phishing websites and emails had easily recognizable characteristics: grammar and spelling errors, obscure hyperlinks, unfamiliar sender domains and odd attachment file extensions (.exe, .html, double extensions, etc.). For the most part, hovering over hyperlinks to confirm their true destinations and examining file extensions were effective in avoiding a phishing attack. Unfortunately, this may not be the case today.


How does tactic #1 work?

A technique that uses hidden JavaScript redirect tools to capture information was recently discovered targeting PayPal customers. The phishing attack begins with an illegitimate email, just like any other phishing attempt. The hackers then trick their victims into providing sensitive information by linking them back to legitimate sites. However, the JavaScript redirect tools secretly send the information to the hackers themselves, even though the form appears to come directly from the legitimate site. In the PayPal example, the email had an HTML page attached that redirected respondents to a form asking for their personal information. The submit button at the end of the form linked users back to the legitimate PayPal site, rendering the “URL hover” prevention method ineffective.

Initial phishing attempts may still use email attachments, which can make these attacks easier to spot. But researchers fear that hackers could turn the illegitimate pages or forms into active websites with names similar to legitimate websites. As a result, these phishing attacks could be virtually impossible to detect.

Tactic #2: Internet Service Provider (ISP) Scam

Scams work by impersonating an individual or a business to obtain funds or your personal information under false pretenses. Tech support scams, where hackers create fake anti-virus pop-ups or impersonate tech representatives over the phone to gain access to your computer, have become increasingly popular.

However, a new type of tech support scam has emerged, using legitimate computer software as a front door to users’ computers. Hackers are now able to impersonate an individual’s Internet service provider (ISP) to either gain remote access to the victim’s computer or scam them out of money for their “services.”


How does tactic #2 work?

Criminals grab victims’ IP addresses to determine their ISP through single-pixel malware hidden in ads or graphics on legitimate websites. These tracking devices, known as web beacons, are typically used for marketing purposes to learn more about a user’s activity, such as whether individuals have opened emails, clicked on links or visited various website pages.

Hackers have taken this approach because it’s a more efficient and cost-effective way to gain access to your personal computer. Hidden malware allows hackers to go virtually undetected, as cold-calls and unfamiliar pop-ups have become obvious cons to avoid.


What should you do to prevent these tactics from compromising you?

  • Look for the green lock icon at the top of the web address bar to ensure you are using a secure website before entering any personal information into online forms.
  • Always contact your ISP directly if you receive any notifications regarding your service or if you are in need of technical support.
  • Never open email attachments from senders that you do not know, especially if they have unusual or multiple extensions.
  • Take advantage of your Internet browser web tools (like Firebug for Firefox) to inspect suspicious elements of a website’s code. 
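
The code inspection suggested in the last tip can be scripted for an HTML attachment like the one described in tactic #1: check where each form actually submits, whether it asks for sensitive fields, and whether an inline script redirects the browser. The following Python is an added example, not part of the original article; the names `inspect_attachment` and `trusted_host`, the regex heuristics, the sample markup and the `collector.example` host are all constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic patterns (assumptions for this example, not an exhaustive list).
REDIRECT_RE = re.compile(r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(")
SENSITIVE_RE = re.compile(r"pass|card|cvv|ssn|account", re.I)

class AttachmentInspector(HTMLParser):
    """Collects form targets, sensitive input names and inline script text."""
    def __init__(self):
        super().__init__()
        self.form_actions, self.sensitive_inputs, self.scripts = [], [], []
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input":
            name = a.get("name") or ""
            if (a.get("type") or "").lower() == "password" or SENSITIVE_RE.search(name):
                self.sensitive_inputs.append(name)
        elif tag == "script":
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:  # text between <script> and </script>
            self.scripts.append(data)

def inspect_attachment(html, trusted_host):
    """Return human-readable findings for one HTML attachment."""
    p = AttachmentInspector()
    p.feed(html)
    findings = []
    for action in p.form_actions:
        host = urlparse(action).hostname or ""
        # Exact match or a true subdomain only; look-alike suffixes fail this test.
        if host != trusted_host and not host.endswith("." + trusted_host):
            findings.append(f"form submits to '{host or 'no explicit host'}', not {trusted_host}")
    if p.sensitive_inputs:
        findings.append("asks for sensitive fields: " + ", ".join(p.sensitive_inputs))
    if any(REDIRECT_RE.search(s) for s in p.scripts):
        findings.append("inline script redirects the browser")
    return findings

# Constructed sample attachment (collector.example is a placeholder host).
SAMPLE = """<form action="https://collector.example/save" method="post">
<input name="email"><input type="password" name="password"><input name="card_number">
</form><script>window.location.href = "https://www.paypal.com/";</script>"""
```

Calling `inspect_attachment(SAMPLE, "paypal.com")` returns three findings, while a form that submits to a host under the trusted domain and requests no sensitive fields returns none.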

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

Eugene oversees the architecture of the core technology platform for Sontiq, the parent company of the EZShield and IdentityForce brands. He also manages the...
Read more about Eugene Bekker.