What would you do if you wanted someone's password for an account? You cannot just ask right away, because that will never work if you are a trusted friend. So what you do next is set up a trap and trick the user into giving it up.
So let's say I have an account in some xyz bank, which is popular, and you know it. You send me an email which is disguised to be coming from that bank. It is made to look so real, using logos and properly formatted sentences and with the bank manager's name under it, that it is almost impossible for me to tell that the email is fake.
Next I read the email, in which you had also asked me to “Please, follow the link and confirm your password, as its going to expire today”, and I follow it. This is called phishing.
According to Wikipedia:
Phishing is defined as “Criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. (Wikipedia)”
Types of Phishing
Unlike an IP address, which doesn't really give a phisher personal information about a person, cellphone or mobile numbers do give easy access to this information. Therefore an SMS message designed to scare the recipient into calling a number to enquire about something (like fake purchase information or tempting lottery money) would provide the attacker with a validation of your number, meaning he knows that this number is valid.
So what's next? As soon as you make the call and find it was bogus, you are spammed with 100s of messages in your inbox. What can they contain? Let's have a look.
- Premium rate advertising.
- Images (could be porn stuffed).
- Viruses (in the form of ringtones).
Dangerous enough to make you buy another mobile. Alarming, isn't it!!
These are a serious threat on the mobile, because of the technology itself. As technology advances, even the crackers get smarter, because there are always loopholes. There are around 760 for the Symbian OS based devices and 17 for Windows CE devices.
How fast they grow and spread is really alarming now. Bluetooth, GPRS, CDMA: they can get into your mobiles in the form of wallpapers and ringtones. In short, anything we like and find attractive.
Once installed, they can spread themselves again through messages and can access your contact list. So one of the best solutions is: don't download or accept these things unless you know you were supposed to get them.
Spear phishing is targeted at a specific group or an enterprise. Hmm, let's make it simple. Let's say you are an employee of a company, and you get an email which looks exactly like your project manager sent it. And the email asks you for vital information about the company. You don't mind sending it to him (after all, he is your boss!!).
It's intended to get viable information and passwords, and beware: they can contain trojans to knock down your system after you have given the details!! You can't ever find the link back.