|By Peter Silva||
|October 30, 2016 01:00 PM EDT||
Phishing has been around since the dawn of the internet. The term was first used in an AOL Usenet group back in 1996 but it wasn’t until 2003 when many baited hooks and lures started dropping. Popular transaction destinations like PayPal and eBay were some of the early victims of these spoofed sites asking customers to update their personal and credit card information. By 2004, it was a full-fledged ‘get rich quick scheme’ with many financial institutions – and their customers – as targets.
Oxford Dictionary defines Phishing as, ‘The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.’
You’ve seen it, the almost perfect looking email with actual logos, images and links to a reputable company only to have it go to a slick looking replica complete with a login form. If you aren’t paying attention and do enter your credentials, you’ve just given a crook access to your money.
The Anti-Phishing Working Group (APWG) reports a 250 percent jump in the number of detected phishing websites between October 2015 and March 2016. More than in any other three-month span since it began tracking back in 2004. That’s around 230,000 unique phishing campaigns a month. And as recent as last week, American Express users were hit with a phishing email offering anti-phishing protection. Go figure. If you clicked the link, you were taken to a bogus Amex login page which asks for all the important stuff: SSN, DoB, mother’s maiden, AMEX number plus security code and a few other vitals.
When complete, you’ll be redirected to the authentic site so you think you’ve been there all along. That’s how they work their magic. A very similar domain URL and all the bells of the original, including the real customer service 800 number.
You can combat it however.
If you are configuring malware protection for the login and transaction pages for a financial application, it’s as simple as adding an Anti-Fraud profile to your VIP.
First, you create an anti-fraud profile:
Then indicate which URL should be watched and the action:
Then enable Phishing detection:
And when a phishing attach occurs, both the domain and the username of the victim get reported to the dashboard :
This tiny piece of code will dramatically reduce fraud loss and retain the most important asset in business—customer confidence.
Don’t get fooled by a faker.
- What Is #MQTT? | @ThingsExpo #IoT #M2M #RTC #DigitalTransformation
- What to Expect in 2017: Mobile Device Security | @ThingsExpo #IoT #M2M #Mobile
- What Is Virtual Desktop Infrastructure | @CloudExpo #VDI #Cloud #DataCenter
- What Is a Proxy? | @DevOpsSummit #Agile #DevOps #ContinuousDelivery
- Lightboard Lessons: What is a Proxy?
- Social Login to Enterprise Apps using BIG-IP & OAuth 2.0
- Q/A with Admiral Group’s Jinshu Peethambaran – DevCentral’s Featured Member for March
- Protecting API Access with BIG-IP using OAuth
- Lightboard Lessons: Service Consolidation on BIG-IP
- Q/A with Betsson’s Patrik Jonsson – DevCentral’s Featured Member for April
- Cloud Computing Making Waves
- Bit.ly, Twitter, Security & You
- Global Distributed Service in the Cloud with F5 And VMware
- Lori MacVittie Interview at Cloud Connect
- Working with One of the Top Ten Women in the Cloud
- Create a Smarter Storage Strategy
- The Threat Behind the Firewall
- Will Open Source Open Doors for Cloud Computing?
- Oracle Data Guard Sync Over the WAN with F5 BIG-IP
- 2010 Year End Security Wrap