Examples of Punycode in Phishing

Posted by on Jun 8, 2011 | 0 comments

Punycode can sometimes be identified by links starting xn--Punycode is a term used to describe the transformation of IDNA protocol into ASCII codes. Only a limited number of ASCII numbers and characters are utilized in Punycode encoding: 0-9, A-Z, and also the hyphen (-), therefore making the ASCII characters in any Unicode string to be represented like that. In the case of non-ASCII characters, they are expressed by ASCII characters which are permitted in the labels of any host domain name. Different prefixes are utilized by different encoding methods and also any translation into Punycode is purely determined by the web browser of the internet user.
 
It is possible to carry out a phishing attack with the use of the same method in punycode. Punycode in phishing is really a way a cyber criminal tricks computer users through the remote system they're interacting with, by taking advantage of the truth that a variety of characters look alike. For instance, an individual often visiting paypal.com might be attracted to follow the link [Сlickbank.com] (punycode: xn--lickbank-xjg.com/) in which the Latin C is changed using the Cyrillic С (which is actually the Russian sound for ‘s’. This type of punycode phishing is also called script spoofing. Unicode includes many writing systems, and for several reasons, characters which look alike, for example Latin O, Cyrillic О and Greek O, were not given exactly the same code. Their malicious or incorrect usage is really a possibility for security attacks.
 
Because punycode enables websites to make use of full names of Unicode characters, it is possible for users of IDNA to be exposed to phishing attacks. Through IDNA, it is possible to make a spoofed site that appears the same as another, including security certificate and domain name, but is in fact controlled by another person who is just trying to steal personal data.
 
Phishing attempts using punycode can look very real.Phishing is a technique to trick internet users into going to fraudulent websites. Phishing websites are made to appear like the normal pages of popular websites like PayPal and eBay. People are invited to click links through spam mails to users of MSN, AOL, Yahoo, Gmail, etc. The spam messages may look very authentic, showing corporate logos and formats like the ones employed by those popular websites in their messages to customers. Typically, they request for verification of certain information, for example passwords and account numbers. For the fact that the e-mails look very legitimate, as many as 20% of unsuspecting recipients may respond, leading to Identity theft, financial losses, and other fraudulent activities.
 
A lot of web browsers have been including a lot of security features in order to combat the problem of punycode in phishing. Google Chrome always displays punycode for components mixing letters from many languages. For instance, there's not really a single language that consists of all characters present in http://søñdërzeiech?domæînistsuþer.p , therefore this is shown as punycode. In the same way, http://Сlickbank.com (having a Cyrillic "С") will show as punycode, even when Russian and English have been in the recognized languages. This is the way it is done even when the domain is under the TLD whose registry is always protecting against phishing attacks.
 
To be able to address concerns of the usability of punycode, Opera web browser makes use of a white-list for registrars of domain names which have regulations against possible exploits. Therefore, a white-listed TLD displays the Unicode name, while untrusted domain names only display the punycode name with the use of the xn-- prefix. The same measures are being taken by other browsers like Firefox and Internet Explorer.
The Latest Browsers Include Alerts to Possible Punycode Spoofing Attempts
The most recent versions of browsers, including usually warn of the possible punycode in phishing. They do this by showing the website in the browser bar using punycode rather than Unicode characters. If you work with IDNs, it's smart to look at the address bar after loading a webpage to ascertain if the website's address really shows as punycode. If that's the case, it is very likely that you have been forwarded to a phishing site.
Read More

e-Whore – The 21st Century ‘Lady’ of the Night

Posted by on Mar 27, 2010 | 0 comments

E-whoring is a term that refers to a new brand of money-making schemes on the web. Most people know now not to listen to mass emails from Nigerian Princes or banks promising them money if they help them, but new and more subtle forms of money scams have emerged.
If you or someone you know has fallen subject to an e-whore you are more familiar with this phenomenon. Perhaps you think you know enough not to get fooled again. Still, educate yourself and read as much as possible, and don’t stop reading this. You never know if you could get fooled in a new and different way.
If you have never, as far as you know, fallen prey to an internet e-whore scam then this information is still more important than you might think. Nobody is airtight and the internet is far from a secure place, with billions of users and very little security.
E-whores will try to get or earn money from someone interested in meeting or talking to someone but will appear so attractive and deceptive that you might just let them walk away with your money.
Still not convinced? It could happen far more easily than you think. If I could be obvious for one second, never let anyone have your credit card number. Everyone knows this, everyone has heard this, and likely you know too. But also don’t give out your credit card number to verify who you are.
What? Don’t be insulted. Scammers will hide behind what looks like credible-looking sites rather than asking outright for your credit card number. These sites may claim or appear not to charge you and may even seem like real companies but once they have your number the small print will kick in. Commonly the small print will read that unless you do something your credit card will be charged $XX in the next 3 days. The tasks that you need to do change, however in some cases these tasks include submitting your credit card to several different sites. These sites will have a similar scheme going on and you will be facing even greater charges.
 E-whores love to troll dating sites and pretend to be interested in you. Sure, she looks pretty. Um, he.  S/he will tell you she doesn’t like to use this site and to sign up for her favourite social/networking or possibly a  xxx site. It requires a credit card to sign up, but offers a free trial that you can cancel before it charges you. If you give your credit card number, you will soon find that they are charging large monthly membership amounts and are impossible to cancel.
Yay.
Okay, so you stop giving out personal information on the internet. What about taking it? Seems idiot proof enough, doesn’t it? Pretty “ladies” on dating sites will often give out cell numbers and say they are never on the computer but would really love to meet you! If you text these numbers you will be automatically signed up for a monthly service and charged a fee every month that you cannot cancel.
This give a whole new meaning to “do not talk to strangers”.
Another expensive lesson learned. The third method you won’t notice is a pay-per-click link. It doesn’t cost you any money to click on the ad, but it does make the pretty lady some money, in the form of an advertiser paying pennies per click on a link the “e-whore” posts on every website, forum, and yes, your dating profile, and so benefits them to pose as an attractive lady that you really would like to get to know better.
I am always telling you to hide your online identity with software, but in this case software will not help. You must always remember that people are out there to con you, there are software packages available for sale which automate much of this process. So the lovely s/he you are falling for could quite possibly not even be human…
Oh and no Ivan has not been caught out!
Read More

The Need To Protect Your Identity Online

Posted by on Sep 22, 2009 | 1 comment

Who you are has become a precious commodity to identity thieves. For this reason, many people now shred credit card statements, order items by cheque again, and pay with cash instead of debit card.

However, they often forget that the same hackers who stole personal information from corporate and government databases do not have to go so far to gather all the information of your personal identity online.

Why is it important to protect your identity online?

  1. If someone has your account information, researching your personal information can result in finding the answers to your personal questions. Finding your birth certificate can result in knowing the mother’s maiden name, or it could be as simple as asking that information of you at a genealogy chat room. Reading about your favorite sports teams could lead them to your most likely password. Reading your blog could lead them to know where you consider home to be, another common security question. Thus a little online sleuthing can yield the answers to the security questions that were meant to protect your accounts, and it is information we have often already made available if you do not take steps to protect your identity online.
     
  2. Your online identity can provide the information necessary to perform identity theft in the real, financial world. Without your current account information but armed with your real information, they may learn enough from your online identity enough to pretend to be you in the real world. Your name, address, and phone number are easily looked up. A social networking site can provide your employer and perhaps even income verification. Information on where you shop, your opinions of credit cards, your online portfolio analysis – all of this information attached to your online identity can give a would-be thief enough information to fill out the necessary forms to get a solid Gold credit card with your name on it.
     
  3. If you do not protect your identity online, it is easy for someone to gather all of your personal information and then pretend to be you. A former business partner who wants to discredit you through professional forums, an ex-girlfriend or boyfriend who wants to destroy your life online, all of the information to do can be gleaned unless you have already protected your personal identity online.
     
  4. Spear phishing is targeted phishing with the goal of either hacking someone’s computer or eliciting information out of them. This may be done by foreign corporations wanting technical information from a rival firm. It may be done by foreign nationals targeting those with security clearance in the United States. If you have not protected your identity online, you have given these predators the ability to approach you wrapped in a protective cloak. Potentially worse is that you have an insecure online identity, and the phishing attacks of these entities can be done from your online identity, leading law enforcement and searchers to your doorstep
    .
  5. Many companies now do social networking searches of potential employees. If your online identity is either less than perfect or easily made falsely slanderous, you will lose out on employment and consulting opportunities.

Thankfully there are ways to protect your identity online, and the use of anonymous browsing software is the first step we all should take.

 

Read More

Social Networking Dangers and Rules

Posted by on Sep 10, 2009 | 3 comments

Web Security is all about educating yourself about online hazards. Education is the answer to computer security and protecting youngsters on the web. All parents need to educate themselves about Internet security, cyberbullying, and social networking dangers. These all represent threats which did not exist just a few years ago, certainly your old Dr Spock books are going to be no use here!

Social networking is growing at an amazing rate, with children of all ages and online predators and cyberbullies using these sites more and more. Parents should understand the guidelines for protecting children each site has, and if you do not believe the rules are strong enough don’t let your child join the site. There are some basic ground rules for social networking sites including MySpace, Facebook, etc for kid safety.

  • First, don’t let your child to use their real name, make a new nickname just for the online world.
  • Second , make sure your child understands not to post your home address, home telephone number, or cell phone number.
  • Third, make a time-frame for when you child can be online .
  • Fourth, all photographs should be reviewed before being posted online .

You should understand that everything your child does on the internet is recorded there forever, once something is uploaded there is generally no delete button. As soon as a site is indexed by a search engine copies are made, so even if you delete the original you will still find thousands of copies all around the net.

Parents should know the way to work the social networking sites which includes making comments on pages, the wall, email, and posting photographs. If possible you should create an account on the social networking site to join in with your children. You can insist to your child that they will not have an account unless they make you a friend so that you can observe their wall, evaluate their friend list and assess the photos getting posted on the web. This simple act will help you forestall online predators from contacting your youngster. I understand most chiildren are not going to like this, but being upfront about everything is far better than being sneaky and being found out.

Cyberbullies bring into play a selection of technology to make threats, trouble, or make the Internet uncomfortable for children. Victims are often kids and the cyberbully generally goes to the same school as your child . Cyberbullies send e-mails, IM or messages to the victim’s cell or computer. This is starting to become even more popular on social networking sites. Parents need to chat to their kids to see if this is happening to them.

Web safety for children is all about parents being educated about web security. Parents need to take a pro-active role in educating themselves about how social networking site work and what is cyberbullying. The more you educate yourself about the internet and talk to your kids the safer they are going to be.

Read More

The Hidden Dangers of Proxy Servers

Posted by on Aug 23, 2009 | 0 comments

Are you aware that everything you do on the Internet can be tracked right back to your computer through the use of your Internet Protocol (IP) address, which is a code assigned to your by your Internet Service Provider (ISP). This address is unique to you and your connection, at any one time nobody else will be using the same IP address anywhere in the world and logs are kept of who is using what IP address and when they used it. You may already know about your IP address and are doing your best to protect yourself by using a proxy server. A correctly configured proxy server will appear on the Internet to be just another user, even though in reality there could be thousands of people behind it. While it will be possible to track you back as far as the proxy server it will be impossible to go any further.
 
That is assuming it is a correctly configured proxy server and not one run by a malicious webmaster intent on harvesting as much information as possible!  You see when you use a proxy server you are putting a lot of faith in the people running it, and how well do you really know them?  Probably not well at all, I will highlight some of the issues and how you can best avoid them.
 
Firstly how is your data sent? Most public proxy servers work without encryption, this means that any data you send through the proxy server is sent ‘as is’ so if you are typing in your bank login details and password then those will go through the proxy server. So be sure to never visit any sites which require your personal information while using a proxy. This includes your credit card details, so don’t go buying anything over an unencrypted public proxy, if you do you might just as well advertise your card details in the local newspaper.
 
It is not just criminals and hackers who use the information from proxies, you might be quite surprised how many large companies use such a method for market research. If a big retailer sets up an open proxy they can analyse the information going through it, track your buying history and tailor specific marketing campaigns directly at you. This might seem a bit extreme, but it is only an extension of the existing loyalty card scheme, I presume you know that your supermarket loyalty card only exists so they can track your spending patterns?
 
Next go read through the proxy sites ‘Terms and Conditions’ as well as their ‘Privacy Policy’, if you don’t like something or feel even the slightest level of suspicion move on! If at all possible choose a proxy which has a good reputation, one that IT experts use and that has a reputation for being safe.
 
If you are using a public proxy it should be exactly that, completely public, they should not require you to signup, to provide details of any kind. Obviously this does not apply to private proxies where you are paying for a premium service, however still the information a private proxy should collect is no more than that which is needed to bill you for their services.
 
If you consider your online security to have any value consider using a premium proxy service for cloaking your IP address, preferably one which operates with the highest levels of encryption available and which wipes all server logs so there is no record of even your encrypted activities. There are many proxy options available, but in truth very few which are actually worth using!

 

Read More