January 04, 2007
Frightening New "Man-in-the-Middle" Phishing Scam
A frightening new type of phishing fraud, described recently by Brian Krebs, is being called the “Man-in-the-Middle” scam.
In this instance, an email arrived in an inbox that looked like it was from Amazon and warned that there had been some unauthorized activity on the recipient's account. When the recipient clicks the link in the email, the browser merely passes through a secondary, man-in-the-middle proxy site, and then proceeds directly to Amazon’s actual site. This type of scam is actually easier to create than the old type of phishing scam because the scammer has no need to build a duplicate site. Functioning as a proxy, which is like having someone standing behind you and staring over your shoulder, the phisher is able to steal whatever data the user is conned into typing in.
While this scam does have its weaknesses, in that there is no attempt to disguise the fake proxy address with Amazon’s real one in the browser's address bar, its ease of creation and believability mean we will be seeing much more of it.
As I wrote in an earlier blog post, the simple fact is that any true security solution in the future simply has to perfect real-time client and server authentication. Once we have that, and it is infallible, I simply cannot conceive how phishing could continue to thrive.
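Since the proxy's own hostname is what shows up in the link and in the address bar, the useful check is on the hostname, not on how the page looks. The following is an added example of mine, not code from this post or from Amazon, that classifies a link taken from such an email; the legitimate host list and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the hosts the email claims to be from (an assumption
# for this example; a real deployment would carry the brand's full list).
LEGITIMATE_HOSTS = {"amazon.com", "www.amazon.com"}


def under_domain(hostname, legit):
    """True if hostname equals legit or is a subdomain of it (pay.amazon.com).
    'evil-amazon.com' does not match because the dot is required."""
    return hostname == legit or hostname.endswith("." + legit)


def classify_link(url, legitimate_hosts=LEGITIMATE_HOSTS):
    """Return (verdict, reason) for a link found in a brand-impersonating email.

    A man-in-the-middle proxy does not copy the site; it only needs the
    victim to land on *its* hostname first, so that is what we inspect."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https"):
        return "suspicious", f"unexpected scheme {parts.scheme!r}"
    if not host:
        return "suspicious", "no hostname in link"
    # 'https://www.amazon.com@203.0.113.5/': the brand name sits in the
    # userinfo part, which the browser ignores; the real host follows the '@'.
    if parts.username is not None:
        return "suspicious", "brand name placed before '@' in the URL"
    try:
        ipaddress.ip_address(host)
        return "suspicious", f"bare IP address {host} instead of a hostname"
    except ValueError:
        pass
    for legit in legitimate_hosts:
        if under_domain(host, legit):
            return "ok", f"host {host} is under {legit}"
    # 'www.amazon.com.account-verify.example' starts with the brand name but
    # is registered under another domain: exactly the proxy case described.
    return "suspicious", f"host {host} is not under {sorted(legitimate_hosts)}"
```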
Tags: Man-in-the-Middle Phishing, Client Authentication
Posted by pschooff in Phishing
Thanks for bringing this to people's attention.
As a result of scams such as this -- and all phishing in general -- email is no longer a credible means of communication between businesses and consumers. Ironically, this is forcing businesses back to using regular paper-based snail mail.
Posted by: Joe McKendrick at January 4, 2007 09:57 PM
Sad to say, Joe, that I agree with you that phishing just might render email totally counterproductive.
I'm trying to think of something comparable, something so useful suddenly rendered useless, and all I can think of is the CB radio, but that was more of a fad, and it's not like everyone swept up in the fad was a trucker dependent on their CB radio.
I'm still hoping the security sector can once again gain the upper hand.
Also, Joe, I want to say how much I enjoy reading your blog, "SOA in Action," and recommend it to everyone. SOA really is the wave of the future, and I am excited to see how it develops.
Posted by: Peter Schooff at January 4, 2007 10:32 PM
Twenty-Four Seven Security