Everything You Wanted to Know about
Social Engineering -- But Were Afraid to Ask...
The Case of the Copycat Web Site
When you type a web site's URL, do you ever make a typing error?
Me, too. When you enter your credit card information, or your
user name and password, at a web site, you might fall for a scam
unless you are quite certain you have the right place. For example:
The Financial Services Authority (FSA), the City [of London]
regulator, recently set up an internet-monitoring unit.
At the moment it is particularly concerned about copycat internet
sites. Fraudsters set up sites with similar addresses to well-known
banks, building societies or insurers. For example, a site could
be called www.barclay.co.uk rather than the correct www.barclays.co.uk.
Investors may unwittingly log on to the site and hand over
money or personal details.
If in doubt, look up the firm's number in the phone book and
call to double-check the site address. Do not rely on any phone
number given on the site because it could be false.
"Investors are prime targets for internet fraudsters.
Buyer beware is the golden rule." -- by Robert Winnett,
http://www.sunday-times.co.uk/
Even if you type in the correct URL, and that web site looks
exactly like the one you are used to, an attacker on the same
LAN as you can fairly easily spoof an IP address or redirect
a Web browser to a phony web server. You don't think someone
in your own company would put up a fake web site to steal passwords
or credit card numbers? Almost half of all computer crime is
committed from inside a LAN.
Following is a true example of a web site set up to scam America
Online customers into inserting their user names and passwords
on a form at that web site:
Dear America Online Member,
We're sorry to bother you, considering its the day before
New Years, but since Y2K is coming within a day, we need your
current billing information because millions of hackers are taking
advantage of the Y2K bug, and we (America Online) are taking
a great amount of action preparing for the worst and would to
ask you to click <A HREF="http://verifybilling.cjb.net">here</A>
for you to fill out your current America Online billing information.
If you do not fill this form before you sign off, we will discontinue
your account, and you will be notified.
Sincerely,
Bill Fieldhouse, Billing Department, Rep ID # 107
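
The two cases above (a one-letter copycat address, and a message whose link goes somewhere unrelated to the firm it claims to be from) can be checked mechanically. The following Python is an added example, not part of the original page; the allowlist, the edit-distance threshold and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist of genuine hosts, constructed for this example.
TRUSTED = ("aol.com", "barclays.co.uk")
MAX_EDITS = 2  # assumed threshold for "looks like a trusted name"

def edit_distance(a, b):
    """Levenshtein distance: single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return (verdict, trusted name it matches or imitates, else None)."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for name in TRUSTED:
        if host == name or host.endswith("." + name):
            return ("trusted", name)
    for name in TRUSTED:
        if edit_distance(host, name) <= MAX_EDITS:
            return ("lookalike", name)
    return ("unknown", None)

class LinkHosts(HTMLParser):
    """Collects the host of every <a href=...> in an HTML message."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        host = urlsplit(href).hostname if href else None
        if host:
            self.hosts.append(host)

def audit_links(html):
    """Classify each linked host; anything not 'trusted' needs a second look."""
    parser = LinkHosts()
    parser.feed(html)
    parser.close()
    return [(host,) + classify_host(host) for host in parser.hosts]
# Constructed sample: the link from the message quoted above.
SAMPLE = 'click <A HREF="http://verifybilling.cjb.net">here</A>'
```

An "unknown" verdict on a message that claims to come from a listed firm is itself the warning sign, as with the billing link in the message above.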