Keyloggers record all key strokes

Keyloggers attack the computer; phishing websites attack the user
The Problem
Remember the trick used by ILOVEYOU? There was no technical
reason for the user to open the attachment containing the
worm payload, only the irresistible curiosity elicited by a clever
name. Well, the most common forms of phishing build on that
heritage.
Some sources include in the definition of phishing all attacks
aimed at the unlawful acquisition of others' credentials, hence
encompassing the keyloggers previously discussed and the
man-in-the-middle attacks discussed later. In the context of this book,
however, we stick with a much narrower definition: Phishing is
a social engineering attack that tricks the user into entering his
private data in the wrong context, application, or user experience.
The base schema used is deceivingly simple, yet incredibly
effective:
1. The user receives a communication (an IM, more often a
mail message), which is allegedly coming from a legitimate
source; a bank, a business, and a service provider
are all common picks. For the sake of the example, let's
say that the mail pretends to be from a bank. The communication
informs the victim of a hypothetical breach
in the security of the system (or an analogous excuse).