Tuesday, February 5, 2008
Fraudster using phone numbers to receive authentication details
The Bank of Lancaster County is currently being targeted by a phishing attack that does away with the traditional web-based phishing forms. Instead, victims are asked to phone a toll free number to reactivate their card.
The scam is initiated by sending out phishing emails purporting that the victim's VISA card has been deactivated, stating that it may have been used in illegal activities. Rather than clicking on a hyperlink and visiting a website to resolve the problem, this phishing scam asks its victims to call a phone number based in Erie, Pennsylvania. To add credibility to the attack, the email claims that the phone number is toll free, but it is in fact not.
Stealing credentials via phone remains a relatively rare phishing technique. For scalability, attacks like these are usually carried out by sending emails rather than initiating phone calls, and request that the recipient calls a phone number which purportedly belongs to the bank.
Ironically, phone phishing could prove more effective due to the methods some banks use to combat fraud. Some make automated phone calls to cardholders in the event of suspicious transactions, with the cardholder being prompted to respond by entering personal details before confirming a transaction. In practice, the cardholder has no way of ascertaining that the phone call is really coming from their bank, and expecting the cardholder to trust the automated caller is effectively grooming the bank's customers into falling for phone based phishing attacks.
The Bank of Lancaster County has published an alert advising customers about fraudulent emails that contain phone numbers, which when called, ask for personal information including account passwords and credit card numbers.
January 2008 Web Server Survey
In the January 2008 survey we received responses from 155,583,825 sites, reflecting a much slower growth of only 354 thousand sites, compared with last month, where the increase was 5.4 million.
Apache continues its recovery after steep falls in share over the last eighteen months and is back over 50%. Its share had been negatively affected over that period by the increasing number of blog sites in the survey on large providers like Microsoft and Google, using their own server software. But it is also benefiting from growth at other blog providers like multiply.
There has been significant growth in recent months for some newer entrants to the survey. While lighttpd's share, particularly of active sites, has stagnated, there has been good growth for nginx (an open-source web server developed in Russia), which passes 0.5% of the web server market this month. There is also good growth for LiteSpeed, a commercial web server designed as a high-performance drop-in replacement for Apache, which passes 400,000 hostnames this month (partly due to its use by blogging provider WordPress.com.
Top Developers
| Developer | December 2007 | Percent | January 2008 | Percent | Change |
|---|---|---|---|---|---|
| Apache | 76,945,640 | 49.57% | 78,735,581 | 50.61% | 1.04 |
| Microsoft | 55,509,223 | 35.76% | 55,709,926 | 35.81% | 0.05 |
| 8,558,256 | 5.51% | 8,290,471 | 5.33% | -0.18 | |
| lighttpd | 1,521,250 | 0.98% | 1,536,981 | 0.99% | 0.01 |
| Sun | 588,997 | 0.38% | 557,673 | 0.36% | -0.02 |
Subscription Details
To Subscribe: Send a message to webserver-survey+subscribe@lists.netcraft.com
To Unsubscribe: Send a message to webserver-survey+unsubscribe@lists.netcraft.com
To Get Help: Send a message to webserver-survey+help@lists.netcraft.com
Copyright © Netcraft Ltd 2007
Forgot your password?
New user?
Yahoo! Zimbra Desktop
Cannot Get Wireless Working (Desktop/Laptop)
VMworld 2008
Intel Atom Disk Encryption Performance
