Threats

Phishing

The act of sending an email to a user falsely claiming to to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that may be used for identity theft.  This can include requesting the user to email back their confidential information or providing a link to a fraudulent website which requests the information (web-spoofing).

Dear ABSA Client,

We have been receiving complaints from some of our customers

about unauthorised use of their internet bank accounts.

Some invalid logon attempts into your online

account access was noticed and we and have therefore limited certain 

online features until we verify your recent access. 

Click here to Verify now

You are advised to strictly adhere to this feature as

failure to do so may result in permanent account suspension.

Customer Service

Smishing

Similar to phishing except that the "bait" is delivered via SMS rather than an email.

Web-spoofing

A scam, usually used in conjunction with phishing, where a criminal attempts to obtain a users personal and financial information via a fake website that looks legitimate.  The fake website requests you to enter confidential information. The fake site may look legitimate but it will not have the correct URL.

Pharming

Pharming is similar to web-spoofing in that it directs the user to a fake website that looks legitimate.  However, rather than using phishing to direct the user to the site, pharming requires a domain name server (DNS) to be hacked.  A compromised DNS is often reffered to as "poisoned".  When the user attempts to go to the legitimate site the DNS will instead direct them to the false site.  The user's browser will still show the URL of the legitimate site.[2]

Eavesdropping

Electronic eavesdropping is the act of intercepting electronic packets of information usually for criminal purposes.  It is often referred to as "Packet-Sniffing".  The criminal tries to reconstruct the data from the packets which he has obtained from using a rogue computer on the network (or the internet).

DoS Attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely.  

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.

E.g. An attacker send millions of emails to somebody so that they cannot use their email or internet.

Virus Hoax

Usually an e-mail message that warns people about a virus that does not exist.  Usually is over-the-top, warning people that the virus can do impossible things (like burning out your hard drive or frying your RAM).  Often contains capitals, exclamation mark, bad spelling and grammar, says it comes from several well-known companies (few of which are likely to be antivirus companies) and encourages you to forward the message to all people you know before the world ends!  It has the detrimental effect of generating large volumes of unnecessary email traffic from panicked network users.

Subject: FW: Virus alert

PLEASE FORWARD THIS WARNING:

You should be alert during the next days:

Do not open any message with an attached file called "Merry Christmas" regardless of who sent it, It is a virus that opens as an Open Log Fire and will burn the whole hard disc in your computer.

This virus will be received from someone who has your e-mail address in his/her contact list, that is why you should send this e-mail to all your contacts. It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called "Merry Christmas", though sent by a friend, do not open it and shut down your computer immediately. This is the worst virus announced, it has been classified by Microsoft as the most destructive virus ever.

This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus. This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept

References:

[1] eStatements & Phishing (n.d.) (Online Image) Avaiable at: http://www.absa.co.za/Absacoza/Security-Centre/Banking-Security/eStatements-and-phishing (Accessed 31 July 2012)

[2] Webopedia (n.d.) Pharming (Online) Available at: http://www.webopedia.com/TERM/P/pharming.html (Accessed 31 July 2012)

[3] Wikipedia (14 July 2012) Pharrming (Online) Available at: http://en.wikipedia.org/wiki/Pharming (Accessed 31 July 2012)