Tuesday, May 08, 2007

Net Lingo

In today’s ET I came across a very good article that detailed some of the practices that fool innocent users on the internet. Let’s take a quick look at them to understand what they mean.

Hacking: It means ‘intruding’ to gain unauthorized access to computers, with intent to exploit the system by taking advantage of the innocence, neglect or carelessness of the computer user. Many hackers are ‘good’ people. They don’t indulge in negative behaviour.

Spoofing: Email spoofing is the fraudulent alteration of email headers to make it appear that the message originated from someone or somewhere other than the actual source. IP spoofing refers to making a communication appear as if it originates from a certain IP address while in fact it originates from somewhere else. This is usually done to intercept communication between two parties and then control the flow or alter the information without either party knowing it.

Phishing: It involves emails appearing to come from legitimate sources such as a bank or a credit card company, with an earnest request to verify personal information or account details. Users are led to divulge their personal information, which is then used fraudulently for pecuniary gain, for example to access bank accounts, credit card accounts etc.

Spear phishing: In these attacks, once the personal information is accessed, it is used to create fake accounts, ruin a victim’s name, access his/her accounts, ruin a victim’s credit or even prevent victims from accessing their own accounts.

Pharming: In this, hackers aim to direct the traffic from a legitimate website to another, malicious site and then mislead the users into providing sensitive data such as passwords, mother’s maiden name or credit card PINs. Pharming doesn’t depend on users clicking on any link or entering some substitute site. Even when the user enters the name of the correct site, the attacker still redirects them to a fake site, by changing the hosts file on the victim’s computer or by hijacking the victim’s DNS server.
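The hosts-file route to pharming described above can be checked for from the defender's side: a site you bank with should resolve through DNS and never through a local override. The following Python script is an added example, not part of the original article; the watchlist, the `.example` domain names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (reserved .example names, documentation IPs).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.20    printer.lan
203.0.113.66    www.bank.example bank.example   # planted override
0.0.0.0         ads.tracker.example             # ad-blocking sinkhole
198.51.100.9    LOGIN.cards.example.
"""

# Hypothetical watchlist: domains that must never be pinned locally.
WATCHLIST = {"bank.example", "cards.example"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each valid entry, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable entry
        # Hostnames are case-insensitive; a trailing dot is the same name.
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def on_watchlist(host):
    """True for a watched domain or any subdomain of it (label-aligned match)."""
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def audit_hosts(text):
    """Return (line_no, ip, hostname) for every watched name the file overrides."""
    return [(line_no, str(ip), host)
            for line_no, ip, names in parse_hosts(text)
            for host in names if on_watchlist(host)]


if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} is pinned to {ip}, bypassing DNS")
```

On a real machine the text would be read from `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`. This check covers only the hosts-file case, not a hijacked DNS server.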

Vishing: It is a combination of ‘voice’ and ‘phishing’. It leverages VoIP (Voice over Internet Protocol) phones instead of ‘misguiding hyperlinks’ to steal personal and financial information from the public. In this, a dialer calls customers in a given region and an automatic announcement advises them to call back on a certain local telephone number. When users call, a computerized IVR (Interactive Voice Response) system guides them through a verification routine and the visher fraudulently captures the callers’ bank or credit card details.

NOTE: If you think that this is an exhaustive description of online frauds, you are mistaken. As newer devices and software make their appearance, newer forms of fraud will always appear on the horizon as well.