phishing (email)

(fish´ing) (n.) Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and will capture and steal any information the user enters on the page (see “website spoofing“).

Examples of Phishing Scams

2003 saw the proliferation of a phishing scam in which users received emails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided email link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a website look like a legitimate organization’s site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information.

 

How Common is Phishing Today?

A global study released by the Anti-Phishing Working Group (APWG) in 2014 suggests that 54% of phishing emails targeted major bands including Apple, PayPal, and Chinese marketplace Taobao, indicating that phishers update their approaches looking out for new victims in niche industry segments. While millions of phishing URLs were reported in 2014, there were at least 123,972 unique phishing attacks worldwide in the second half of 2014. (source)

Why is This Successful for Scammers?

Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the “phisher” counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage.

Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

Other forms: phish (v.)

IP spoofing

(ī-pē spoof´ing) (n.) A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find an IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.

Newer routers and firewall arrangements can offer protection against IP spoofing.

pharming

Similar in nature to email phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming ‘poisons’ a DNS server by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect.

Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.

See also phishing and spoofing.

ARM processors

ARM processors are a family of 32-bit microprocessors developed by Advanced RISC Machines, Ltd. in the 1980s. Today ARM processors power a wide variety of electronic devices, including mobile phones, tablets, multimedia players and more.

ARM processors are based on a reduced instruction set computer (RISC) architecture, and while they do share the low-end market with processors from AMD and Intel, they aren’t designed to compete with these companies’ higher-end processors.

IP – Internet Protocol

(pronounced as separate letters) Short for Internet Protocol. IP specifies the format of packets, also called datagrams, and the addressing scheme. Most networks combine IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source.

IP by itself is something like the postal system. It allows you to address a package and drop it in the system, but there’s no direct link between you and the recipient. TCP/IP, on the other hand, establishes a connection between two hosts so that they can send messages back and forth for a period of time.

IP address – Internet Protocol (IP) address

IP address is short for Internet Protocol (IP) address. An IP address is an identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. Contrast with IP, which specifies the format of packets, also called datagrams, and the addressing scheme.

Recommended Reading: Webopedia’s Internet Protocol (IP) definition.

The Format of an IP Address

The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.

Within an isolated network, you can assign IP addresses at random as long as each one is unique. However, connecting a private network to the Internet requires using registered IP addresses (called Internet addresses) to avoid duplicates.

Static Versus Dynamic IP Addresses

An IP address can be static or dynamic. A static IP address will never change and it is a permanent Internet address. A dynamic IP address is a temporary address that is assigned each time a computer or device accesses the Internet.

The four numbers in an IP address are used in different ways to identify a particular network and a host on that network. Four regional Internet registries — ARIN, RIPE NCC, LACNIC and APNIC— assign Internet addresses from the following three classes:

Class A – supports 16 million hosts on each of 126 networks
Class B – supports 65,000 hosts on each of 16,000 networks
Class C – supports 254 hosts on each of 2 million networks

The number of unassigned Internet addresses is running out, so a new classless scheme called CIDR is gradually replacing the system based on classes A, B, and C and is tied to adoption of IPv6. In IPv6 the IP address size is increased from 32 bits to 128 bits.

What is My IP Address?

To view your IP address you can use the ipconfig (IPCONFIG) command line tool.  Ipconfig displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.

To launch the command prompt from a Windows-based computer click: Start > All Programs > Accessories > Command Prompt. Type ipconfig and press the Enter key.

You can also use Google search to find your IP address. Type “what is my IP address” as a search query and Google will show the IP address of the computer from which the query was received as the top search result.

TCP/IP – Transmission Control Protocol/Internet Protocol

(pronounced as separate letters) TCP/IP is short for Transmission Control Protocol/Internet Protocol.

TCP/IP is the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.

sockstress

Also called TCP sockstress, sockstress is a potentially serious generic issue in many operating systems that affects the availability of TCP services. It is believed that a DoS attackexploiting the sockstress vulnerability uses half-open connections to deplete resources in the machines under attack. It very quickly causes specific services to become unavailable and may even require complete machine reboots. The attack may be effective against almost anything on a network, including Windows, BSD, Linux, embedded systems TCP/IP stack implementations, and others.

May also be referred to as TCP state table manipulation vulnerability.

See also “TCP Sockstress Brings Forth New OS Exploit Worries” on ServerWatch.com.

TCP segmentation offload

Abbreviated as TSO, TCP segmentation offload is used to reduce the CPU overhead of TCP/IP on fast networks. TSO breaks down large groups of data sent over a network into smaller segments that pass through all the network elements between the source and destination. This type of offload relies on the network interface controller(NIC) to segment the data and then add the TCP, IP and data link layer protocol headers to each segment. The NIC must support TSO. TSO is also called large segment offload (LSO).

See “Understanding The Data Link Layer” in Webopedia’s Did You Know section.

TOE

Short for TCP/IP Offload Engine, TOE a technology used in NICs (network interface cards) to offload processing of the TCP/IP stack to the network controller. TOE works because it allows the operating system to offload all TCP/IP traffic to hardware on the NIC, and also gives TCP/IP control to the host server. TOE is mainly used in high-speed networks such as gigabit or 10GB Ethernet.