'Conmen contact people over phone or visit personally'
KUWAIT CITY: The latest in the computer frauds in Kuwait is the human-based social engineering method, say networking experts of a foreign university in Kuwait. As computer users are becoming increasingly wary of Phishers and Pharmers who try to gain access to sensitive information such as credit card details and passwords, conmen are now employing the 'social engineering' method of contacting people over the phone or through personal visits, impersonating people whom the latter would be willing to share information with. Hackers pose as employees of a different branch of the same company and chat up unsuspecting staff into revealing passwords and similar sensitive details. Social engineers often claim they are real employees, and will ask to be emailed confidential information at a valid address as well as an external one. All employees, especially those with privileged information, including executives, human resource personnel, and personal administrators are their targets.
The e-mail defrauders are getting wiser by the day too, as they create counterfeit sites of the banks or companies they claim to represent to such perfection that they would lure the Internet user to believe the mail to be genuine and part with solicited information. The technique is called "Link alteration" and involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site.
Accomplished
This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site. "If an individual unsuspectingly receives a spoofed e-mail with a request to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet Service Provider, or a genuine commercial site, there is an increasing chance that the individual will follow through in submitting their personal information."
The Arab Times had earlier reported many cases of e-mail phishing, where the header of an e-mail appeared to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use phishing in an attempt to get recipients to open and possibly even respond to their solicitations.
"You have won a lottery" or "I need help to sell a treasure I found" are also some of the usually employed tactics used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card or other forms of identity theft. "IP Spoofing" is a technique used by hackers to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source. Computers that are connected to the Internet for long hours and that are not installed with proper security software are broken into by IP Spoofers who take over the machine to conduct their illegal activities. "Authorities trying to trace the source of these activities will be led to your machines."
By Valiya S. Sajjad
© Arab Times 2007
