Brochure
Best Practices

I.S. Sentry, Inc.
Information Systems Perimeter Security
Sales@ISSentry.Com

Phishing Issues in the News (Submit an Article)

Pharming: Is Your Trusted Web Site A Clever Fake? (Microsoft)  07/15/06
"Pharming" is when criminal hackers redirect Internet traffic from one Web site to a different, identical-looking site in order to trick you into entering your user name and password into the database on their fake site. Banking or similar financial sites are often the target of these attacks, in which criminals try to acquire your personal information in order to access your bank account, steal your identity, or commit other kinds of fraud in your name.

The use of faked Web sites may make pharming sound similar to e-mail phishing scams, but pharming is more insidious, since you can be redirected to a false site without any participation or knowledge on your part.

To date, there have been few documented attacks, and maintaining the integrity of the Web is very high on the list for governments and businesses. It's also important to remember that the Web is free and public resource, akin in many ways to a library, mall, or other public services where you live. For most people, the advantages to going out to shop, conduct business, do research, socialize and so on, far outweigh the dangers and unpredictability of being in a public space.

If you notice something suspicious about a trusted Web site, report it—by telephone if possible—to the business or site owner. It may be a normal glitch or a new update, or it may be a mistake a criminal has made when trying to duplicate a Web site. This article on phishing scams provides some tips on how to tell if a Web site might be a fake. [Click here for Full Article]

Symantec Unveils Anti-Phishing Suite (Small Business Pipeline)  06/26/06
Symantec on Monday announced an online transaction safety suite scheduled to release for Windows and the Mac OS X operating system this fall.

Norton Confidential, which will enter beta testing sometime this summer, will include anti-phishing blacklists and heuristic-based detectors; what Symantec calls "crimeware protection, essentially keylogger and screen-grabbing Trojan horse sniffers; additional site authentication cues; and password encryption.

Symantec is scheduled to deploy many of these technologies in its Norton 360 security subscription software when that releases later this year or in early 2007, but the Cupertino security company is rolling out the separate Confidential for users who will stick with the traditional disk-based titles such as Norton Internet Security and Norton AntiVirus. [Click here for Full Article]

Review: McAfee Total Protection Beta Takes On Windows Live OneCare (Small Business Pipeline)  06/26/06
With Microsoft grabbing recent headlines on the release of its Windows Live OneCare product, established players in the Windows security and utilities market are taking action to show that they can hold their ground. On the same day that Microsoft announced the availability of OneCare, McAfee responded by starting the beta test program for its next generation of products, code-named "Falcon."

McAfee's Total Protection provides an extensive set of features that go beyond security to offer data protection and system maintenance. 

According to McAfee, it will eventually release four security suites, the first two of which are now available as downloadable betas. McAfee Total Protection is built on previous McAfee products such as VirusScan and Personal Firewall but adds new features to deal with emerging threats such as phishing. McAfee VirusScan Plus offers a subset of Total Protection's features dealing with virus, spyware, or hacker activity. I downloaded and installed the Total Protection beta to see how it holds up. [Click here for Full Article]

IE And Firefox Sport New Zero-day Flaw (Tech Web)  06/06/06
Multiple security organizations warned Tuesday that Internet Explorer, Firefox, Mozilla, and SeaMonkey -- on Windows, Linux, and the Mac -- are vulnerable to a JavaScript bug that could allow a determined attacker to dupe users into giving up sensitive personal information such as credit card or bank account numbers and passwords.

According to Symantec, which issued an alert late afternoon Tuesday, all versions of the Microsoft and Mozilla browsers could be used to harvest data through a JavaScript key-filtering vulnerability.

"This issue is triggered by utilizing JavaScript 'OnKeyDown' events to capture and duplicate keystrokes from users," went the Symantec warning. [Click here for Full Article]

SMBs: The Other Victims Of Phishing (Systems Management Pipeline)
05/18/06
The number of phishing attacks grew 44 percent between the first half and second half of 2005, according to Symantec, in Cupertino, California. Some of that increase can be attributable to the holiday season, which typically promulgates a higher number of incidents, but the increase is still very significant, according to Dave Cole, director of Symantec security response. The number of incidents for the first half of this year is expected to far surpass the one billion incidents in the first half of 2005.

But although the scams are certainly damaging to any consumers duped by them, they can also have a devastating effect on the small business whose brand is stolen in order to perpetrate the scheme. Though of course the phishers are the criminals, any targeted firm can suffer from the negative customer reaction--and reputation--that ensues.

Though there is no silver bullet for how to deal with these incidents, here are some ways for small businesses to battle brand theft. [Click here for Full Document]

Phishers Outsmart Security Experts (Systems Management Pipeline)
03/10/06
Fraudsters are using a new technique to keep their spoofed Web sites up and running even as authorities pull the plug, a security expert said this week.

According to RSA Security's Naftali Bennett, the senior vice president of its Cyota anti-fraud division, some phishers have started using a tactic called "smart site redirection" to stay a step ahead of the law.