Phishing Concepts & Techniques
Phishing Attack Common Techniques
Make Use of Cousin URL
Social engineering is a technique often used in phishing emails. These spoofed emails imitate the tone of messages, logos and names of what appears to be a legitimate organisation. The objective is to entice the recipient to enter his personal information. The fake websites they link to normally use cousin URLs, which are similar to the URL of the original website. For example, the following are some cousin URLs of bogus websites imitating banks in Hong Kong.
| List of banks | URL | Examples of bogus cousin URL |
|---|---|---|
| Bank of China (Hong Kong) Limited (BOCHK) 中國銀行(香港)有限公司 | www.bochk.com | www.bochkvip.com, www.bchk.cn |
| Bank of East Asia, Limited (BEA) 東亞銀行 | www.hkbea.com | www.onlinebea.com, www.boeasiauk.com, www.boeauk.com, www.ebeauk.com |
| Dah Sing Bank Limited (DSB) 大新銀行 | www.dahsing.com | www.daxinte.com, www.dlfh.com, www.dasxin.com |
| DBS (Bank) Hong Kong Limited 星展銀行(香港)有限公司 | www.dbs.com | www.dbshk.net, www.dbsbankhk.com |
| Fubon Bank 富邦銀行 | www.fubonbank.com.hk | www.fubonhk.com |
| Hongkong and Shanghai Banking Corporation Limited 匯豐銀行 | www.hsbc.com | www.hkhsbc.com, www.hkebc.com, www.hsbccom.hk |
| International Bank of Asia Limited (IBA) 港基國際銀行有限公司 | www.iba.com.hk | www.hkiba.com, www.ibabankhk.com |
| Industrial and Commercial Bank of China (Asia) Limited 中國工商銀行(亞洲) | www.icbcasia.com | www.icbc-online.com, www.icbcasiachina.com, www.icbcasiachina.cn |
| Standard Chartered Bank (Hong Kong) Limited 渣打銀行(香港)有限公司 | www.standardchartered.com.hk | www.stbhk.com |
| Wing Lung Bank Limited 永隆銀行有限公司 | www.winglungbank.com.hk | www.winglungonline.net |
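The screening logic below is an added example, not code from the original page: it takes the legitimate domains from the table above and flags a candidate URL whose registrable domain embeds the bank's brand token or sits within a couple of edits of the real name. The brand-token mapping, the two-label public suffix list and the distance threshold are assumptions made for this example.

```python
# Added example (not from the original page): screen a URL's domain against a
# list of legitimate bank domains and flag lookalike "cousin" domains.
# The legitimate and bogus domains come from the table above; the brand
# tokens and the similarity threshold are assumptions made for this example.
from urllib.parse import urlsplit

# Legitimate domain -> brand token a customer would recognise in the name.
LEGITIMATE = {
    "bochk.com": "bochk",
    "hkbea.com": "bea",
    "dahsing.com": "dahsing",
    "dbs.com": "dbs",
    "fubonbank.com.hk": "fubon",
    "hsbc.com": "hsbc",
    "iba.com.hk": "iba",
    "icbcasia.com": "icbc",
    "standardchartered.com.hk": "standardchartered",
    "winglungbank.com.hk": "winglung",
}

# Minimal public-suffix handling (assumed list): suffixes that occupy two labels.
TWO_LABEL_SUFFIXES = ("com.hk", "com.cn", "co.uk")

# Maximum edit distance at which a name is treated as a near-copy (assumed).
MAX_DISTANCE = 2


def registrable_domain(host):
    """'www.hsbc.com' -> 'hsbc.com'; 'www.iba.com.hk' -> 'iba.com.hk'."""
    labels = host.lower().rstrip(".").split(".")
    if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES and len(labels) > 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance between two strings (classic DP, O(len(a)*len(b)))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(url_or_host):
    """Return (verdict, registrable_domain, imitated_legitimate_domain).

    verdict is 'legitimate', 'cousin' (brand token embedded in the name, or
    the name is within MAX_DISTANCE edits of the real one) or 'unrelated'.
    """
    if "://" not in url_or_host:
        url_or_host = "//" + url_or_host        # let urlsplit treat it as an authority
    host = urlsplit(url_or_host).hostname or ""
    domain = registrable_domain(host)
    if domain in LEGITIMATE:
        return ("legitimate", domain, domain)
    name = domain.split(".")[0]                 # label to the left of the public suffix
    for legit, brand in LEGITIMATE.items():
        legit_name = legit.split(".")[0]
        if brand in name or edit_distance(name, legit_name) <= MAX_DISTANCE:
            return ("cousin", domain, legit)
    return ("unrelated", domain, None)


if __name__ == "__main__":
    for sample in ("www.hsbc.com", "www.hkhsbc.com", "www.bchk.cn",
                   "www.icbc-online.com", "www.stbhk.com"):
        print(sample, "->", classify(sample))
```

Note what the heuristic misses: www.stbhk.com and www.dlfh.com from the table share no obvious token with the real names and come back as "unrelated". Similarity checks catch the obvious copies, but the reliable control is still an allow-list of the bank's real domains, with anything else treated as suspect.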
Make Use of Bogus URL and Browser Vulnerabilities
Some bogus websites make use of URI syntax to form a bogus URL that hides the real address of the bogus website. The URI syntax allows the "@" character, "%" encoding and Unicode encoding to appear in a URL.
Microsoft has reported an Internet Explorer vulnerability in URL handling (MS04-004, issued in February 2004). A malicious user might use this syntax to create a hyperlink that opens a bogus website rather than the legitimate website it appears to point to. The vulnerability also hides the address of the bogus site actually visited from the Address Bar and Status Bar of the web browser.
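The analyser below is an added example, not code from the original page or from Microsoft's advisory. It shows, using only the standard-library URL parser, which host a URL actually names once the "@" userinfo, "%" encoding and Unicode forms mentioned above are taken into account, and raises a flag for each. The address 203.0.113.5 and the Cyrillic lookalike host used in the usage example are constructed.

```python
# Added example (not from the original page): report the host a URL really
# names and flag "@" userinfo, percent-encoding in the authority and
# non-ASCII / punycode host labels. Sample hosts are constructed.
from urllib.parse import urlsplit, unquote


def analyse_url(url):
    """Return a dict describing the URL's authority and any deceptive features.

    actual_host     : host named by the URL as written (what a client connects to)
    shown_before_at : userinfo text preceding '@', which a reader may take for the host
    decoded_host    : host obtained after percent-decoding the authority
    warnings        : list of flags (empty for an ordinary URL)
    """
    parts = urlsplit(url)
    warnings = []

    # "@" trick: everything before '@' is userinfo, not the host.
    shown = None
    if parts.username is not None:
        shown = parts.username
        if parts.password is not None:
            shown += ":" + parts.password
        warnings.append("userinfo-before-@")

    actual_host = parts.hostname or ""

    # "%" encoding inside the authority can conceal an '@' or other separator;
    # decode it and re-parse to see what host would result.
    decoded_host = actual_host
    if "%" in parts.netloc:
        warnings.append("percent-encoding-in-authority")
        decoded_host = urlsplit("//" + unquote(parts.netloc)).hostname or ""

    # Unicode / IDN: non-ASCII labels may resemble Latin letters but are
    # different code points; their ASCII (punycode) form starts with "xn--".
    if any(ord(c) > 127 for c in decoded_host):
        warnings.append("non-ascii-host")
    elif any(label.startswith("xn--") for label in decoded_host.split(".")):
        warnings.append("punycode-host")

    return {
        "actual_host": actual_host,
        "shown_before_at": shown,
        "decoded_host": decoded_host,
        "warnings": warnings,
    }


def ascii_form(host):
    """IDNA (punycode) encoding of a host name, as a client would send it on the wire."""
    return host.encode("idna").decode("ascii")


if __name__ == "__main__":
    # Constructed samples: a legitimate-looking prefix before '@', the same
    # with the '@' percent-encoded, and a host with a Cyrillic letter.
    for sample in ("http://www.hsbc.com@203.0.113.5/login",
                   "http://www.hsbc.com%40203.0.113.5/login",
                   "http://www.hsb\u0441.com/"):
        print(sample, "->", analyse_url(sample))
    print(ascii_form("www.hsb\u0441.com"))
```

For the first sample the parser reports 203.0.113.5 as the actual host and www.hsbc.com only as userinfo, which is exactly the mismatch a mail gateway or browser extension should surface to the user; the third sample shows why comparing the IDNA form rather than the displayed text matters.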
Other Common Techniques
- Use a legitimate website's look but redirect to another bogus website or a pop-up window to confuse visitors.
- Use a cross-site scripting technique to install malicious code or scripts on a legitimate website; the malicious scripts are then sent along with the legitimate web content to the visitor's browser, where they are executed on the visitor's computer to steal his credentials, to exploit his browser's vulnerabilities or to redirect the browser to other fraudulent websites.
- Visual spoofing: open a pop-up browser window without displaying the URL address, menu bar and status bar. The phishers rebuild the menu bar, address bar and status bar so that they display fake information. The status bar displays the "lock" icon to convince visitors that a secure SSL session has been loaded and enabled.
- Use a META tag to redirect from the real site to the fraudulent site behind the scenes.
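As an added example for the last item (not code from the original page), the scanner below finds META refresh tags in a page's HTML and reports the ones that send the visitor to a different host than the page itself, which is the pattern to look for when checking a site that may have been tampered with. The sample HTML and the hosts in it are constructed.

```python
# Added example (not from the original page): find META refresh redirects in
# a page's HTML and report those whose target host differs from the page's.
# The sample HTML below is constructed for this example.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class MetaRefreshFinder(HTMLParser):
    """Collect the target of every <meta http-equiv="refresh" content="N; url=..."> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        _delay, sep, rest = a.get("content", "").partition(";")
        if not sep:
            return                       # plain content="5" only reloads the same page
        rest = rest.strip()
        if rest[:4].lower() == "url=":
            rest = rest[4:].strip()
        self.targets.append(rest.strip("'\""))


def meta_refresh_targets(html):
    """All META refresh targets in document order, as written (may be relative)."""
    parser = MetaRefreshFinder()
    parser.feed(html)
    parser.close()
    return parser.targets


def offsite_redirects(html, page_url):
    """Absolute META refresh targets whose host differs from page_url's host."""
    page_host = (urlsplit(page_url).hostname or "").lower()
    offsite = []
    for target in meta_refresh_targets(html):
        absolute = urljoin(page_url, target)      # resolve relative targets
        host = (urlsplit(absolute).hostname or "").lower()
        if host != page_host:
            offsite.append(absolute)
    return offsite


# Constructed sample: a page styled as the bank's site that immediately
# refreshes to a cousin domain, plus a harmless same-site timeout refresh.
SAMPLE_HTML = """<html><head>
<title>Login</title>
<meta http-equiv="Refresh" content="0; URL=http://www.hkhsbc.com/login">
<meta http-equiv="refresh" content="30; url=/timeout">
</head><body>Please wait while the page loads...</body></html>"""

if __name__ == "__main__":
    print(offsite_redirects(SAMPLE_HTML, "https://www.hsbc.com/"))
```

Only the cross-host target is reported; the same-site "/timeout" refresh is resolved against the page URL and ignored. A zero-second refresh to another host in a page that should not redirect at all is a strong indicator worth alerting on.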