Everything You Wanted to Know about Social Engineering -- But Were Afraid to Ask...


The Case of the Copycat Web Site

Do you ever make a typing error while entering a web site's URL? Me, too. If you enter your credit card information, or your user name and password, at a web site without being quite certain you have the right place, you might fall for a scam. For example:

The Financial Services Authority (FSA), the City [of London] regulator, recently set up an internet-monitoring unit… At the moment it is particularly concerned about copycat internet sites. Fraudsters set up sites with similar addresses to well-known banks, building societies or insurers. For example, a site could be called www.barclay.co.uk rather than the correct www.barclays.co.uk.

Investors may unwittingly log on to the site and hand over money or personal details.

If in doubt, look up the firm's number in the phone book and call to double-check the site address. Do not rely on any phone number given on the site because it could be false.

"Investors are prime targets for internet fraudsters. Buyer beware is the golden rule." -- by Robert Winnett, http://www.sunday-times.co.uk/

Even if you type in the correct URL, and that web site looks exactly like the one you are used to, an attacker on the same LAN as you can fairly easily spoof an IP address or redirect a Web browser to a phony web server. You don't think someone in your own company would put up a fake web site to steal passwords or credit card numbers? Almost half of all computer crime is committed from inside a LAN.

Following is a true example of a web site set up to scam America Online customers into inserting their user names and passwords on a form at that web site:

Dear America Online Member,

We're sorry to bother you, considering its the day before New Years, but since Y2K is coming within a day, we need your current billing information because millions of hackers are taking advantage of the Y2K bug, and we (America Online) are taking a great amount of action preparing for the worst and would to ask you to click <A HREF="http://verifybilling.cjb.net">here</A> for you to fill out your current America Online billing information. If you do not fill this form before you sign off, we will discontinue your account, and you will be notified.
Sincerely,
Bill Fieldhouse, Billing Department, Rep ID # 107
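
Both cases above, the near-miss address (www.barclay.co.uk) and the link in the fake billing message, come down to checking the host you are about to trust against the hosts you actually use. The sketch below is an added example, not part of the original page; the allowlist contents (including www.aol.com), the two-typo threshold and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: an allowlist of hosts the reader really does business with.
TRUSTED_HOSTS = {"www.barclays.co.uk", "www.aol.com"}

# Constructed sample: the link fragment from the message quoted above.
SAMPLE = 'ask you to click <A HREF="http://verifybilling.cjb.net">here</A> for you'

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str, max_typos: int = 2):
    """Return (verdict, closest trusted host or None) for one hostname."""
    host = host.lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return ("trusted", host)
    # sorted() keeps the choice deterministic if two trusted hosts tie.
    closest = min(sorted(TRUSTED_HOSTS), key=lambda t: edit_distance(host, t))
    if edit_distance(host, closest) <= max_typos:
        return ("lookalike", closest)   # a typo away from a real site
    return ("unknown", None)            # not a site we have any reason to trust

# Pulls the target out of <a href=...>, whatever the visible link text says.
HREF_RE = re.compile(r'<a\s[^>]*href\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)

def review_links(message: str):
    """Classify the host behind every link in an HTML-bearing message."""
    results = []
    for url in HREF_RE.findall(message):
        host = urlsplit(url).hostname or ""
        results.append((host, *classify_host(host)))
    return results

if __name__ == "__main__":
    print(classify_host("www.barclay.co.uk"))
    print(review_links(SAMPLE))
```

Anything that comes back as "lookalike" or "unknown" is a host that should not be given a password or card number until the address has been confirmed some other way.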


 © 2013 Happy Hacker All rights reserved.