The rapid growth in the use of the Internet and membership in social networking services had led to exponential growth in online fraud and scams. Those listed below are among the more common types of attacks.
A phishing attack involves a website that impersonates a real banking or other transactional site. The fraudsters lure their targets to this fake site in hopes the person will try to log-in. Once login credential information is entered the fraudster can use this information to access the real website. This may give them access to bank or credit card account information as well as the ability to change the password and take over the online account.
A spear phishing attack has the same goal as a phishing attempt, only the scams are more targeted toward groups of people with something in common – they all bank at the same institution or work for the same organization. The messages appear to be sent from a trusted source and have a level of detail that makes the email more convincing, which is why spear phishing has a high success rate.
Pharming is where a hacker installs malicious code on a personal computer or server. This code then redirects clicks made on a website to a different fraudulent site without the user’s consent or knowledge. To avoid pharming, take steps to safe guard your computer and learn how to recognize suspicious emails and websites.
Bulk unsolicited email is called spam. Malicious software (malware) authors may use spam to distribute malware. Spam can be used to facilitate a phishing attack.
Just like phishing, smishing is a form of fraud that uses text messages to lure consumers into divulging important information. Often the text will contain an URL or phone number. The phone number often has an automated voice response system, which requests personal or account information prior to connecting you to an operator.
Vishing is a form of fraud that begins with a phone call. This telephone version of phishing is sometimes called "vishing". Vishing relies on social engineering techniques to trick the person targeted into providing information that can be used to access and use their accounts. This information may also be used to impersonate you in order to open new lines of credit.
Man in the Middle Attack (MitM)
Man-in-the-middle attack is an attack where a malware infection makes it possible for the communication exchanged between two entities to be monitored in real-time by a third, unauthorized party. Since all of the traffic is routed back and forth through the attacker, neither party is the wiser to the scam. If successful, the traffic can even be modified to make it appear that a transaction succeeded when in reality the information was stolen or the transaction was rerouted to the benefit of the attacker. Project your computer against malware infections through the use of anti-virus, anti-spyware, and malware protection programs.
Man in the Browser Attack (MitB)
Man-in-the-Browser is a form of Internet threat related to man-in-the-middle. It is a proxy Trojan horse that infects a web browser and has the ability to modify web pages, modify transaction content, or insert additional transactions - all completely invisible to both the user and host web application.
Additional Resources on Keeping Your Information Safe: