Analysis and prevention of phishing cases

Source: Internet
Author: User
Tags: mail, require, password protection, lenovo

At present, "phishing" methods such as setting up fake websites or sending e-mail containing fraudulent information are increasingly being used to steal the account passwords of online banking, online securities and other e-commerce users, and then to steal those users' funds; this kind of illegal and criminal activity is on the rise.

The main techniques of "phishing"

First, sending e-mail that lures users into a trap with false information.

Fraudsters send fraudulent e-mails in the form of spam. These messages use lottery wins, consulting offers, account reconciliations and similar pretexts to entice users to fill in their financial account and password in the mail itself, or cite various urgent reasons to ask the recipient to log in to a web page and submit a user name, password, ID number, credit card number and other information, which is then used to steal the user's funds.

For example, the "phishing" e-mail found in February this year that sought to defraud users of an American bank (Smith Barney) of their accounts and passwords exploited IE's image-map address spoofing vulnerability. A carefully designed script popped up a window displaying a fake address that covered Internet Explorer's address bar, so users could not see the site's real address. When the message was opened in an unpatched Outlook, the status bar also displayed a false link.

When the user clicked the link, the actual connection went to the phishing site http://**.41.155.60:87/s. Its page resembled the login interface of the Smith Barney Bank website, and once the user entered an account password, the information was captured.

Second, setting up counterfeit online banking and online securities websites to obtain users' account passwords and commit theft.

The criminals set up a website whose domain name and page content closely resemble a real online banking system or online securities trading platform, lure users into entering their account, password and other details, and then steal the funds through the real online bank or securities system, or by forging bank cards or securities trading cards. Alternatively, they exploit vulnerabilities in legitimate web server software to insert malicious HTML code into some of a site's pages, hiding important information that could be used to tell whether the site is genuine, and use cookies to steal user information.

For example, a counterfeit bank website appeared at http://www.1cbc.com.cn/, while the real bank site is http://www.icbc.com.cn/; the criminals relied on the visual similarity of the digit 1 and the letter i to deceive careless users.

Similarly, in July 2004 a fake company website was found at http://www.1enovo.com/, while the real site is http://www.lenovo.com/; the fraudsters relied on the close resemblance between the lowercase letter l and the digit 1. They spread a false message over QQ claiming that "XX Group and XX Company are jointly giving away QQ coins", luring users to visit.
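The two lookalike domains above (1cbc vs. icbc, 1enovo vs. lenovo) and the raw-IP phishing host mentioned earlier can all be caught mechanically before a user ever sees the login page. The following checker is an added example written for this page, not code from the original article or from any of the organizations named in it. It assumes a small constructed allow-list of genuine domains and a hand-picked table of confusable characters; the IP address in the sample is the documentation range 203.0.113.0/24, not the page's real host.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: the two genuine sites named in the text.
KNOWN_GOOD = ["icbc.com.cn", "lenovo.com"]

# Character pairs attackers swap because they look alike in common fonts.
# Multi-character keys come first so "rn" is collapsed before the single-character rules run.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("i", "l"), ("|", "l"),
               ("0", "o"), ("5", "s"), ("3", "e")]

IP_LITERAL = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def skeleton(host: str) -> str:
    """Collapse visually confusable characters so that 1cbc and icbc compare equal."""
    host = host.lower()
    for src, dst in CONFUSABLES:
        host = host.replace(src, dst)
    return host


def hostname(url: str) -> str:
    """Extract the host from a URL and drop a leading www."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, matched_known_domain_or_None) for a URL."""
    host = hostname(url)
    if IP_LITERAL.fullmatch(host):
        return ("ip-literal", None)        # banks do not serve login pages from raw IPs
    for good in KNOWN_GOOD:
        if host == good or host.endswith("." + good):
            return ("legitimate", good)    # exact domain or a subdomain of it
    for good in KNOWN_GOOD:
        if skeleton(host) == skeleton(good):
            return ("lookalike", good)     # homograph: 1cbc -> icbc, 1enovo -> lenovo
        if levenshtein(skeleton(host), skeleton(good)) <= 1:
            return ("typosquat", good)     # one edit away from a known domain
    return ("unknown", None)


if __name__ == "__main__":
    for u in ("http://www.1cbc.com.cn/", "http://www.1enovo.com/",
              "http://www.icbc.com.cn/", "http://203.0.113.5:87/s"):
        print(u, "->", classify(u))
```

The skeleton step is the same idea Unicode's confusable-detection tables formalize: compare canonical forms rather than raw strings, so a user-visible "1" and "l" land on the same key. A browser extension or mail gateway would extend KNOWN_GOOD with the organization's real domains and treat "lookalike", "typosquat" and "ip-literal" as block-or-warn outcomes.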

Once a user visited the site, a pop-up window first appeared showing the false "free QQ coins" message. While the pop-up was displayed, the malicious site in the background used various IE vulnerabilities to download the virus program Lenovo.exe (Trojandownloader.rlay), and after 2 seconds it automatically redirected to the real site's homepage, so the user was infected without noticing anything.

After the virus program ran, it downloaded another virus program, Bbs5.exe, from the website to steal the user's Legend (online game) account, password and in-game equipment. Whenever the user chatted on QQ, it also automatically sent messages containing the malicious website's address.

Third, fraud through fake e-commerce.

Such criminal activity usually involves setting up an e-commerce website, or posting false merchandise-for-sale information on well-known, large e-commerce sites; once the victims' payments arrive, the criminals disappear. In 2003, for example, the criminal 佘某 set up a "Strange Equipment Network" website with false listings for espionage equipment and hacker tools, lured buyers into remitting the purchase money into accounts he had opened at several banks under false identities, and then transferred the money out.

Apart from a few outlaws who set up their own e-commerce sites, most post false information on well-known e-commerce sites such as eBay, Taobao and Alibaba, selling all kinds of goods under labels such as "super low price", "tax-free", "smuggled goods" or "charity bazaar", or passing off shoddy or smuggled goods as genuine; many people are deceived by the temptation of low prices. Online transactions are mostly between distant parties and usually require remittances. The outlaws generally ask consumers to pay part of the money first, then use various excuses to induce them to pay the balance or other nominal sums; once they have the money, or once they have been seen through, they immediately cut off contact with the consumer.

Fourth, using Trojan horses, hacking techniques and other means to steal user information and then commit theft.

Trojan horse programs are spread by e-mail, by hiding them on web pages, and in other ways. When an infected user conducts an online transaction, the Trojan records the user's account and password through keystroke logging and sends them to a designated mailbox, seriously threatening the user's funds.

For example, the Trojan Troj_hidwebmon and its variants, which appeared last year to steal a bank's personal online account numbers and passwords, can even steal the user's digital certificate. Similarly, last year's "security thief" Trojan takes a screen snapshot of the user's web login interface, saves it as a picture and sends it to a designated mailbox. From the mouse-click positions in the picture, the hacker is very likely to work out the user's account number and password, thereby defeating soft-keyboard password protection and seriously threatening the security of investors' online securities trading.

Another example is the theft from bank depositors in March 2004: Chen used his personal web page to plant a Trojan horse on visitors' computers, stole the visitors' bank accounts and passwords, and then carried out the theft through electronic bank transfers.

Take the case of a city's Xinhua Bookstore website (http://www.**xhsd.com/), which was implanted with the "QQ thief" Trojan virus (TROJAN/PSW. QQROBBER.14.B). On entering the site, the page showed nothing suspicious, but the home page code opened another malicious web page in the background, http://www.dfxhsd.com/icyfox.htm (exploit.mhtredir). That page exploited the Internet Explorer MHT file execution vulnerability to download the malicious CHM file http://www.dfxhsd.com/icyfox.js without the user's knowledge and run the Trojan horse program embedded in it (TROJAN/PSW. QQROBBER.14.B). Once run, the Trojan copies itself to the system folder and adds a registry key so that it starts automatically with Windows, and it steals the user's QQ account number, password and even identity information.

Fifth, exploiting weak user passwords and other vulnerabilities to crack or guess user accounts and passwords.

Criminals exploit the tendency of some users to set weak passwords for convenience and crack their bank card passwords. In October 2004, for example, three criminals collected bank savings card numbers from the Internet, then logged on to the bank's online banking site and attempted to crack weak passwords, succeeding repeatedly.

In practice, criminals carrying out network fraud often combine several of the above methods, and some use mobile phone text messages, QQ and MSN to carry out various kinds of "phishing".

"Phishing" prevention knowledge

Against the network fraud methods commonly adopted by the outlaws described above, users of online electronic finance and e-commerce can take the following precautions:

First, regarding e-mail fraud, netizens who receive messages with the following characteristics should be vigilant and not readily open or believe them: (1) the sender information is forged, for example ABC@abcbank.com; (2) the greeting or opening imitates the tone of the impersonated organization, such as "Dear User"; (3) the content conveys urgency, such as claiming that the account status will affect normal use or asking the user to update account information through a website; (4) the message seeks personal information, asking the user to provide passwords, accounts and other details. Another type of mail lures consumers with ultra-low prices or goods supposedly from customs seizures, and no product is ever delivered.
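The four characteristics just listed translate directly into mail-gateway heuristics. The scorer below is an added example written for this page, not code from the original article; it assumes a constructed allow-list of the bank's real sending domain (abcbank.com, taken from the page's own example), that the receiving gateway adds an Authentication-Results header with SPF/DKIM results, and uses two constructed sample messages (the IP address is from the documentation range 203.0.113.0/24).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allow-list: domains the (hypothetical) real bank sends from and links to.
TRUSTED_DOMAINS = {"abcbank.com"}
URGENCY = ("immediately", "suspended", "verify your account",
           "within 24 hours", "update your account")
CREDENTIAL_WORDS = ("password", "account number", "card number", "id number", "pin code")
GENERIC_GREETINGS = ("dear user", "dear customer", "dear member")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _trusted_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def score_message(raw: str):
    """Return (score, reasons) for a raw RFC 822 message; each reason maps to one characteristic."""
    msg = message_from_string(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)

    # (1) forged sender: the gateway's Authentication-Results header records SPF/DKIM
    #     outcomes; a "bank" display name on an untrusted domain is also suspect.
    auth = msg.get("Authentication-Results", "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        reasons.append("sender_auth_failed")
    if "bank" in name.lower() and not _trusted_host(from_domain):
        reasons.append("claimed_identity_mismatch")
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        reasons.append("reply_to_mismatch")

    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    # (2) generic greeting, (3) urgency, (4) request for credentials
    if any(g in text for g in GENERIC_GREETINGS):
        reasons.append("generic_greeting")
    if any(k in text for k in URGENCY):
        reasons.append("urgency_language")
    if any(k in text for k in CREDENTIAL_WORDS):
        reasons.append("requests_credentials")

    # links pointing at raw IP addresses or at hosts outside the allow-list
    link_flags = set()
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if IP_RE.fullmatch(host):
            link_flags.add("link_to_ip_literal")
        elif not _trusted_host(host):
            link_flags.add("link_to_untrusted_host")
    reasons.extend(sorted(link_flags))
    return len(reasons), reasons


# Constructed sample messages for demonstration only.
PHISHING_SAMPLE = """\
From: "ABC Bank Security" <ABC@abcbank.com>
Reply-To: verify@abcbank-secure.example
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=abcbank.com
Subject: Your account will be suspended
Content-Type: text/plain

Dear User,
Your account status will affect normal use. Please verify your account immediately
at http://203.0.113.5:87/s and enter your account number and password.
"""

BENIGN_SAMPLE = """\
From: "ABC Bank Statements" <statements@abcbank.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=abcbank.com; dkim=pass
Subject: Your monthly statement is available
Content-Type: text/plain

Hello Ms. Zhang,
Your statement for last month is ready. Log in as usual at https://www.abcbank.com/ to view it.
We never ask for login details by e-mail.
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, score_message(sample))
```

The Authentication-Results header is only meaningful when it was written by your own receiving gateway, since a sender can insert a forged one; production filters strip any such header arriving from outside before adding their own. A score of three or more reasons is a reasonable quarantine threshold for this toy scorer; the individual reasons are what an analyst would want in the alert.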

Second, regarding counterfeit online banking and online securities websites, users of online electronic finance and e-commerce should do the following when transacting online: (1) check whether the website address is consistent with the real site; (2) choose and keep good passwords, not ones based on an ID number, birth date or telephone number; mixing letters and numbers is recommended, and avoid using the same password in different systems; (3) keep good transaction records for transfers and payments on online banking, online securities and other platforms, regularly review the "historical transaction details", print business statements, and contact the relevant institution immediately about any abnormal or erroneous transaction; (4) safeguard the digital certificate and avoid using online trading systems on public computers; (5) be alert to anything abnormal: if an account and password have carelessly been entered on an unfamiliar website, or a prompt such as "system maintenance" is encountered, immediately call the relevant customer service hotline to confirm, and if information has been stolen, immediately change the relevant trading password or report the bank card or securities trading card as lost; (6) log in to payment gateways through the correct procedure, entering through the officially published website address rather than through URLs found by a search engine or links from unknown sites.

Third, regarding false e-commerce information, netizens should recognize the following characteristics of fraudulent information and not be fooled: (1) false shopping and auction sites look quite "formal", with a company name, address, contact telephone, contact person, e-mail and so on, and some even display an Internet Information Service record number and credit qualifications; (2) the transaction mode is narrow: consumers can only buy by bank remittance, the payee is an individual rather than a company, and the ordering method is payment first, delivery later; (3) the method of defrauding consumers is always the same: once the consumer remits the first payment, the swindler calls with various reasons to demand the balance, such as insurance, deposit or tax fees, otherwise the goods will not be shipped and there will be no refund; some consumers, having already paid the first sum, keep remitting in the hope of recovering it; (4) in online transactions, thoroughly check the qualifications of the site and of the counterparty.

Fourth, other network security precautions: (1) install a firewall and anti-virus software and update them regularly; (2) patch the system regularly to close software vulnerabilities; (3) prohibit the browser from running JavaScript and ActiveX code; (4) do not visit unknown websites, do not run software downloaded from the Internet before scanning it for viruses, and do not open unknown files sent over MSN or QQ; raise self-protection awareness, properly safeguard personal information such as ID number, account and password, do not disclose it to others, and avoid as far as possible using online e-commerce services in Internet cafés and other public places.
