Wednesday, December 3, 2008

Phishing - Black Black Hat

Something a bit different this time. Phishing scams and the like are probably the ultimate in Black Hat SEO, and they are a real and costly danger to e-banking and any Web sites that allow financial transactions (see Danger! Your identity is not secure). Phishing uses a variety of techniques to direct victims from a legitimate Web site to the scam Web site, where they enter their identification information, account numbers, Social Security numbers, credit card numbers, etc., which crooks then use to steal their money. Other schemes download Scumware to the victim's computer. This captures their identification details and sends them to the crooks who operate these schemes.
Scientific American has a useful article on How to foil Phishing Scams. However, it is only useful up to a point. Most people refuse to become technically educated, and if they do, the scammers will just find new techniques to beat the system.
Banking and other institutions have adopted various security measures such as token devices, but these are difficult to manage for various reasons. Identiwall has a promising system based on multiple authentication using cell-phones. It can be applied for Secure ebanking, online stock brokerages and any other type of Web operation, financial or otherwise, that requires confidentiality.
The ultimate phishing scheme is one that can steal a legitimate Web site and redirect visitors through Cloaking, Shadow domains and similar techniques. Visitors think they are giving their identification information to the bank or stock broker, but the crook is at the other end. In principle, it is not morally or technically different from Black Hat SEO.

