| |
 |
PRESS
RELEASE
Oslo, 11 September
2003
Norman focuses on new activity aimed at Identity theft
|
|
The data security company
Norman Data Defense Systems warns about an old threat that
has been reactivated at an alarming speed recently - a
special kind of identity theft. This has been named "phishing".
The term is used for "fishing for personal information by
imitating legitimate organizations". The aim is to gain
access to confidential information of a personal nature.
In recent weeks there has been an increased activity in
attempts to acquire private passwords and user names to
various protected Internet resources. The technique used
is to send a mass-distributed email to lots of recipients
- requesting confirmation of personal information for a
particular Internet resource. The sender of the email is
"spoofed" in such a way that it seemingly originates from
an organization matching the email's body. The email may
e.g. claim that due to database problems the user must
confirm the personal information.
The requested information may be related to Internet
banking, credit card details, chat accounts, or anything
else that are personal and private information.
The perpetrators use mass emailing with Internet addresses
that appear reliable. This email has a link to a web site
that also looks legitimate, and the user is e.g. asked to
confirm or change the user information. The problem,
however, is that this web address is not correct as it
does not link to the organization the end user thinks.
This can be accomplished by several techniques, where the
most obvious (and least used) is substituting the top
domain like .com by .net.). A more sophisticated method is
to use a link in the email that looks legitimate but by
clicking it the user is sent to a different web site than
the one written in the email. Many users will not notice
this if logos and the general appearance of the web site
are identical to the real one. This is of course easy to
accomplish.
By harvesting information in such a way, the person or
persons responsible for the scam are able to acquire
personal information from lots of people. This may enable
so-called "identity thefts".
Stealing personal identities is an increasing problem made
possible by our availability on the Internet as virtual
personalities. There is no doubt that the consequences are
grim for the victims.
Norman recommends that all users are wary of emails and
other approaches from the Internet, asking for
confirmation of personal information. The consequences of
supplying such data to illegitimate sources may be severe.
For further
information, please contact
SAV25
Data Systems
|
|
More
Press Release here |
|
|
|
