Stories of ordinary insecurity: Clickjacking, Pharming and Phishing

Clickjacking: when a click hides the scam

Marco is a great football fan. Every day he reads the news about his favorite team on different sites, from the official ones to the less known ones. It is probably the time of day he loves most, but will it stay that way? During one of his voyages through the web, Marco is attracted by a link promising sensational news about his team. Euphoric, he clicks on it, and nothing happens. “It’s a problem with the site,” he thinks. But no. A few days later Marco receives an email with a picture of himself in pajamas and a message below it: “I have so many pictures like this, I can spy on you, but if you pay me I will stop doing it.”

(Clickjacking attacks may allow access to the webcam and microphone by changing the settings of Adobe Flash.)

Wikipedia says: During normal web browsing, the user clicks with the mouse pointer on an object (such as a link), but in reality the click is redirected, unbeknownst to him, to another object. Typically the vulnerability exploits JavaScript or an iframe.
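The definition above describes the mechanism; the defence a site owner can deploy is to tell browsers not to render the page inside a frame on another site. The following check is an added example, not code from the original post or from any project it mentions: it reads the two HTTP response headers that govern framing (X-Frame-Options and the Content-Security-Policy frame-ancestors directive) and says whether the page resists being framed. The header sets at the bottom are constructed sample values.

```javascript
// Added example: evaluate a site's anti-framing (anti-clickjacking) headers.
// All header sets used here are constructed sample values.

// Extract the source list of the frame-ancestors directive from a CSP
// header value, or null when the directive is absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      // Keywords such as 'self' and 'none' are quoted in CSP syntax; strip the quotes.
      return tokens.slice(1).map(t => t.replace(/^'|'$/g, '').toLowerCase());
    }
  }
  return null;
}

// Decide whether the page resists framing by other origins.
// status: 'protected' | 'weak' | 'unprotected', with a human-readable reason.
function framingPolicy(headers) {
  // HTTP header names are case-insensitive; index them in lower case.
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;

  // When CSP frame-ancestors is present, browsers ignore X-Frame-Options.
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    if (ancestors.includes('*')) {
      return { status: 'unprotected', reason: 'frame-ancestors * allows any site to frame the page' };
    }
    if (ancestors.length === 0 || (ancestors.length === 1 && ancestors[0] === 'none')) {
      return { status: 'protected', reason: "frame-ancestors 'none': no site may frame the page" };
    }
    return { status: 'protected', reason: `frame-ancestors limited to: ${ancestors.join(' ')}` };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { status: 'protected', reason: `X-Frame-Options ${xfo}` };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    return { status: 'weak', reason: 'X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers' };
  }
  return { status: 'unprotected', reason: 'neither X-Frame-Options nor CSP frame-ancestors is set' };
}

// Constructed sample header sets, as a scanner of HTTP responses might collect them.
const SAMPLE_HEADERS = {
  bare:    { 'Content-Type': 'text/html' },
  xfo:     { 'Content-Type': 'text/html', 'X-Frame-Options': 'sameorigin' },
  csp:     { 'content-type': 'text/html', 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  openCsp: { 'Content-Security-Policy': 'frame-ancestors *' },
};

for (const [name, headers] of Object.entries(SAMPLE_HEADERS)) {
  console.log(name, framingPolicy(headers));
}
```

Run it with Node; each sample prints its status and the reason. Only the `bare` and `openCsp` sets come out as unprotected, which is the state a framed login or settings page must never be left in.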

Pharming: original site or web page created ad hoc?

Joseph spends many hours in front of the PC, especially on social networks. He likes to share links, look at photos of friends, comment on his favorite singer’s fan page and chat with his partner. Too bad that Joseph is only 14 years old and a bit naive. While he is on the internet, his browser opens a page that looks like the Facebook home page, but it’s not the real Facebook. Joseph enters his data and logs in, and suddenly the hacker owns his nickname and password, enters his profile and creates embarrassing situations…

Wikipedia says: Pharming is defined as a cracking technique used to gain access to personal and confidential information, for various purposes. Thanks to this technique, the user is deceived and led to unknowingly reveal his sensitive data, such as account number, username, password, credit card number, etc.

Phishing: like fish bait, to trap the users

John works as a nurse in the hospital of his city. His dream has always been to help people, to cure them and support them in times of need. His days are so intense that, back home after grueling hours of work, he just wants to lie down on the bed and check his e-mail in peace. One evening he gets an email from the Post: “We are checking the account security of our customers, please enter your access data here, and we will check whether your account is safe.” He is tired, he is not thinking straight, and he does not understand what serious fraud he is heading into. He enters his data and his account is emptied in no time.

Wikipedia says: It is an illegal activity that uses a social engineering technique: by sending random e-mail messages that copy the site graphics of a bank or a post office, a broker tries to get the victim’s password to access his current account, or the password that authorizes payments on his credit card.

In conclusion

Marco will have to install an updated browser to avoid falling into the same scam. It’s important to remember: “Never accept candy from strangers.”

Joseph will get a good antivirus and, on each site where personal data are required, check that there is a security certificate or that it uses the https protocol (HTTP Secure).

John will have to understand that no bank, and not even the post office, ever asks for sensitive data by e-mail. In addition, the fake website will certainly differ from the original one, maybe by a single symbol only!
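The advice given to Joseph (check for https) and to John (the fake address differs from the real one by a single symbol) can be turned into a mechanical check. The script below is an added example, not code from the original post: given a URL about to receive credentials, it reports whether the connection is https and whether the hostname is a trusted one, a near copy of one (a substituted look-alike character, a one-character edit, or a trusted name buried inside an unrelated domain), or simply unknown. `TRUSTED_HOSTS` and every URL in it are constructed sample values, not the addresses of any real bank.

```javascript
// Added example: pre-login URL check. TRUSTED_HOSTS and the sample URLs are
// constructed values for illustration only.

const TRUSTED_HOSTS = ['www.facebook.com', 'facebook.com', 'www.example-bank.com'];

// ASCII characters commonly substituted for look-alikes in fake hostnames.
// Multi-character pairs are replaced before single characters.
const CONFUSABLES = [['rn', 'm'], ['vv', 'w'], ['0', 'o'], ['1', 'l'], ['3', 'e'], ['5', 's']];

// Reduce a hostname to the name it is meant to resemble.
function canonicalHost(host) {
  let h = host.toLowerCase();
  for (const [fake, real] of CONFUSABLES) h = h.split(fake).join(real);
  return h;
}

// Levenshtein edit distance (insert, delete and substitute each cost 1).
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => {
    const row = new Array(b.length + 1).fill(0);
    row[0] = i;
    return row;
  });
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const subst = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + subst);
    }
  }
  return dp[a.length][b.length];
}

// Returns { verdict, host, warnings }. verdict is one of
// 'trusted', 'caution' (trusted host but not https), 'lookalike', 'unknown'.
function assessLoginUrl(urlString) {
  const url = new URL(urlString);   // throws on malformed input
  const host = url.hostname;        // lower-cased by the parser; Unicode labels appear as xn--
  const warnings = [];

  if (url.protocol !== 'https:') {
    warnings.push('not https: credentials would travel in clear text');
  }
  if (TRUSTED_HOSTS.includes(host)) {
    return { verdict: warnings.length ? 'caution' : 'trusted', host, warnings };
  }
  if (host.split('.').some(label => label.startsWith('xn--'))) {
    warnings.push('internationalized label: the address bar may show look-alike letters');
  }

  const canon = canonicalHost(host);
  let lookalike = null;
  for (const trusted of TRUSTED_HOSTS) {
    const tc = canonicalHost(trusted);
    const bare = tc.replace(/^www\./, '');
    if (canon === tc) {   // strongest signal: identical once look-alikes are undone
      lookalike = `"${host}" imitates ${trusted} with look-alike characters`;
      break;
    }
    if (!lookalike && editDistance(canon, tc) <= 1) {
      lookalike = `"${host}" differs from ${trusted} by a single character`;
    } else if (!lookalike && canon.includes(bare)) {
      lookalike = `"${host}" embeds the trusted name ${bare} inside an unrelated domain`;
    }
  }
  if (lookalike) warnings.push(lookalike);
  return { verdict: lookalike ? 'lookalike' : 'unknown', host, warnings };
}

// Constructed sample URLs, one per branch of the check.
const SAMPLE_URLS = [
  'https://www.facebook.com/login',
  'http://www.facebook.com/login',
  'https://www.faceb00k.com/login',
  'https://www.facebok.com/login',
  'https://facebook.com.account-check.example/login',
  'https://xn--maana-pta.com/',
];

for (const u of SAMPLE_URLS) console.log(assessLoginUrl(u));
```

The check is deliberately conservative: an unknown host is reported as unknown rather than safe, because a trusted list can only say what is known to be genuine. The edit-distance threshold of one matches the post's own observation that the fake address often differs by a single symbol.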
