Hackers Create 3 Million Fraudulent Websites Annually

Tuesday, October 12, 2010

Robert Siciliano

37d5f81e2277051bc17116221040d51c

A recent study shows that organized criminals create approximately 8,000 malicious websites every day, or over 57,000 each week.

These malicious websites model legitimate websites that we visit every day, such as bank websites, online shopping sites, and eBay.

According to this study, the most frequently impersonated companies include Visa, Amazon.com, PayPal, HSBC, and the United States Internal Revenue Service.

People are typically directed to these scam sites in one of three ways:

1. Often, potential victims end up visiting these spoofed websites via phishing scams. Phishing, of course, occurs when you receive an email that appears to be sent from your bank or other trusted entity, and a link in the email brings you to a website that is designed to steal your login credentials.

2. Scammers lure victims to their scam sites via search engines. When a website is created and uploaded to a server, search engines index the scam sites as they would any legitimate site. Doing a Google search can sometimes lead you to a website designed to steal your identity.

3. Social media sites like Facebook and Twitter are free, and this gives scammers an advertising platform. Criminals simply post links in status messages, on group pages, or fan message boards, using the legitimate appearance of the site to gain credibility.

Once a computer user clicks one of these links, he or she ends up on a website that is riddled with malicious software, which may install itself on the victim’s computer even if the victim doesn’t click or download anything on the scam site.

This tactic is called a “drive by.”

Or, users may be tricked into clicking links to download files. Either way, the ultimate goal is to gather usernames, passwords, and, if possible, credit card or Social Security numbers in order to steal identities.

By understanding how these scams work, PC users can begin to learn what to do while online and, more importantly, what not to do.

Never click on links in the body of an email. NEVER.

Always go to your favorites menu or manually type the address into the address bar. This means that you should never copy and paste links from emails, either.

When searching out a product or service, be aware that you could be led to a scam site. A properly spelled web address is one indicator of an established, legitimate site.

Try to restrict your business to sites you know and trust. Also, before entering credit card information, look for “https://” in the address bar. This means it’s a secure page and less likely to be a scam.

Just because a link for a tempting deal appears on a popular social networking website doesn’t mean it’s legitimate. I’d shy away from clicking links. Use your common sense. If it seems too good to be true, it is.

Forewarned is forearmed.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses phishing on NBC Boston. Disclosures

Possibly Related Articles:
13652
Impersonation
scams Hacking
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.