see also  witiger.com/ecommerce/SocialEngineering.htm

This page is for the convenience of students in Prof. Tim Richardson's e-commerce classes.
It contains a collection of info and links regarding all the marketing issues relevant to domain names.

This page last updated 2011 Nov 14
.
This web page has audio clips - just click on the icon (like the one to the left) and you can hear Prof. Richardson's voice adding additional information to topics on the page. turn on your speakers to hear audio clips
.
Domain Names
marketing issues witiger.com/ecommerce/domainnamesmktg.htm
registration isses witiger.com/ecommerce/domainnamesregister.htm
scams and problems witiger.com/ecommerce/domainnamesscams.htm
scams, phishing witiger.com/ecommerce/domainnamephishing.htm
domain name hacking witiger.com/ecommerce/hackingexample.htm
domain disputes witiger.com/ecommerce/domainnamedisputes.htm
Verisgn problems  witiger.com/ecommerce/domainnamephishing-verisign.htm
..
.
...
. This page used in the following courses taught by Prof. Richardson
.
MGT C50
MGT D06
CCT 322
IEC 702
IEC 818
FCA 240
MGS 523
MRK 610
MRK 410
BCS 555
GNED 136

This page deals with

  o Re-directs to fake sites, phisher sites
  o Verisign Site finder trick
 

see also Tina Dang's interactice PDF 
 witiger.com/ecommerce/Dang_Tina_MGD415_Phishing.pdf 
.

...
 
Phishing

an introduction

 Ontario's Consumer and Business Services Minister Jim Watson provided an information session on Internet scams Wednesday [2004 Nov 17th] at Queen's Park as part of the provincial government's Consumer Awareness Week. 

"Internet criminals have become more sophisticated in recent years by setting up dummy Web sites that look similar to those of major banks, trusted sites like eBay, or even government Web sites. Users are encouraged via e-mail to enter personal and financial information into these sites. The practice, known as phishing, has resulted in monetary theft and in worse cases, identity theft."

"Your information goes straight into the hands of crooks," As part of its awareness program this week, [2004 Nov 17th]  the Ontario government offered a five-point guideline for safe Internet use:

    o Clear your cache at the end of every session
    o Be wary of requests for personal information
    o Don't open unfamiliar attachments
    o Only download software from trusted Web sites
    o Unplug your modem after each use 

,,,
clickz.com/clickz/stats/1713921/online-fraud-losses-hit-usd437m
http://www.youtube.com/watch?v=Ia5LN0rBgrI YES THIS PAGE IS USEFUL

Nov 2011 - former UTSC student (MGTD06 in 2008) Hasan Shahzad stopped by to talk about his work in Mutual Funds at Royal Bank and mentioned that frequently he references material from this page in order to educate clients as to some risk and threat situations they should be careful about regarding identity theft and hacking.
 youtube.com/watch?v=Ia5LN0rBgrI 

Thanks Hasan for mentioning this.
WTGR
 


published by Scott Adams in 2005
 
Phishing

an introduction

What is Phishing and Pharming?

According to the sitehttp://antiphishing.org/ (found by MRK410 student Sheri C.)
"Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware. Pharming crimeware misdirects users to fraudulent sites or proxy servers, typically through DNS hijacking or poisoning."
permission to quote and link comes from Peter Cassidy, secretary general of the Anti-Phishing Working Group (by email 2005April07)

witiger translation !!

Phishing attacks use trickery, like pretending to be a legit website, and technical sneaky things, to steal your personal info.
click to hear Social Engineering is a slang expression to describe things you do to another person to trick them into believing something, usually by pretending to be part of their company, or making a lie about your true identity in order for them to give you a password or some secret info
see witiger.com/ecommerce/SocialEngineering.htm
WTGR
.
Why Phishing is so dangerous !!!  - the cops can't help you
"This is certainly a new crime," said Det. Supt. Rick Kotwa [2005] who heads up the anti-rackets investigation bureau for the Ontario Provincial Police. "We don't have a lot of resources designated towards it."
.
KEY
POINTS
Kristine W. in BCS 555, Nov 2002, was one of the first students to find a story about Phishing - in fact they didn't even call it Phishing in 2002 - they called it "setting up spoof sites"
WTGR
.
By Paul Festa ,           Staff Writer, 
CNET News.com November 22, 2002
Festa writes, "... emails sent out to customers informing them to change their ID have experts doing a double take.  To make matters worse, ebay a company that has been a victim of phony sites, does send out legitimate emails telling their customers to change their ID due to certain reasons.  Ebay has gone about resolving these scams by having the site taken down under the Digital Millenium Coypright Act (DMCA) within hours of it being made availabe.  In addition, they have been informing customers about this scam and indicate they will never ask for personal information in an email. Also, changing your ID will never be done in another site other than the ebay site."
 
KEY
POINTS
One of the things that is key to many scams is forcing people to make a quick decision under pressure without having the time to consider that it may be wrong - this way, they can get you to make a mistake because you are panicking.
WTGR
.
Deadline pressure
Festa says " Scam artists are taking advantage of eBay's deadline-heavy pace in their schemes, knowing that an eBay user facing a ticking clock is less likely to think twice before handing over a  username and password. "One person was out of town and panicked when he got home and saw e-mail saying his  auctions wouldn't be kept live unless he made these changes," ... "So he went in  and gave them all this personal information. If they catch you at the right time, you can be  fooled."
..
Phishing

growing in
Canada
 
 
 

 

ITBusiness.ca is a website belonging to www.plesman.com
Computing Canada is part of the ITBusiness.ca site
October 22, 2004, Vol. 30 No. 15
"E-commerce in jeopardy as phishing reels in Canadians"
is the title of a story carried October 22, 2004, Vol. 30 No. 15 in Computing Canada

"The "attackers," are sophisticated and make their Web sites look almost identical to the legitimate sites, as they seek users secure banking or personal information through solicitation by e-mail. Unsuspecting users, for whatever reasons, are lured into giving up secure information and soon might be robbed, because they trust the sites."

permission to quote from Computing Canada, Computer Dealer News and itbusiness.ca for this article, and all other articles in witiger.com comes from Joe Tersigni, Publisher, IT Business Group, www.plesman.com,  May 2005. Copy of email kept on file in the permissions binder.

.
Phishing

through
FaceBook
 
 
 

 

http://www.youtube.com/watch?v=TlfhjPST1Ls Phishing through FaceBook

Student Glen B in BCS555 in Nov 2009 sent an email noting a YouTube clip which features a CNN segment on how scam artists are using phishing techniques to get victims through FaceBook
 www.youtube.com/watch?v=TlfhjPST1Ls

.
eBay & PayPal
Scams

phishing
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

eBay & PayPal
Scams

phishing

found by Melisa C. from MRK410, March 2004 
on the latest ebay PayPal email scam
www.ecommercetimes.com/perl/story/33138.htm

"Some eBay Customers at Risk" 

"Fraudulent e-mails are usually addressed "Dear customer," and contain general information. But armed with the customer information stolen from PayPal, eBay fears that fraudsters will be able to send morepersonalized -- and convincing -- messages."

"Hackers tricked several online merchants who use EBay's PayPal payment processing system into disclosing their user names and passwords, then logged onto the merchants' accounts to download lists of customer names, e-mail addresses, home addresses and transactions, said spokeswoman Amanda Pires. EBay fears that the information will be used to trick customers into giving up their credit card information in an e-mail scam known as phishing or spoofing. 

This is how such scams work: E-mail users receive messages purportedly from PayPal or other businesses saying that they need to verify their credit card number, Social Security number or other information. Often the e-mail links to a Web site designed to look like a legitimate business, but which really belongs to the perpetrator of the fraud. If the victim enters the requested information on the Web site, he or she may become the victim of identity theft. "

On this page there are several quotes from ecommercetimes.com. Permission was given by Richard Kern, Associate Publisher of the E-Commerce Times,  in an email to Prof. Richardson 2004 Dec 10th, a hard copy of the email is kep on file in Richardson's permissions binder.

.
Phishing

Industry
Associations
 
 
 
 
 
 
 
 
 
 
 
 
 

Phishing

Industry
Associations
 
 
 
 
 

 

found by Sheri C. from MRK410, March 2005.
Not only did Sheri find a good useful site, but she wrote a long note providing a good introduction to the link.
http://antiphishing.org/
permission to quote and link comes from Peter Cassidy, secretary general of the Anti-Phishing Working Group (by email 2005April07)

Sheri wrote 

"I was reading the upcoming lesson on viruses and scams. I was very interested in the new scam called “Phishing.” I wanted to learn more and came across a very interesting site about the new trend.  http://antiphishing.org/APWG_Phishing_Activity_Report_Feb05.pdf"

Sheri explained "This site went into detail on how dangerous this new scam really is. It gave me graphs that highlighted the continuous growth of the trend. I also learned that the United States is ranked number one as the top location for hosting phishing sites with 37%. The main attack is on financial institutions. There is an association that was formed called the “Anti-Phishing Working Group.” They hold forums to discuss phishing issues and share phishing problems. “Membership is open to qualified financial institutions, online retailers, ISP’s, the law enforcement community, and solutions providers.”

Sheri concludes "I thought this site would be interesting because this trend is rapidly developing. I feel with all the new technology we are dealing with, we, as students should be aware of this type of scam for our future endeavors."
 

. .
Phishing

a
student
experience

Phishing, a student's experience
 
UTM student Salma A in MGD415 in Jan 2008 sent an email to say

Salma sent an email to say
"Phishing can happen to anyone, not only companies.  Once my friend was checking his email where he received a message from  PayPal about a payment of cell phone purchase on his account. "

Salma explains further

"I was  like, 'why are you buying another cell phone?' He verified it was an  error. However, in the email it says click here to log into your  account. Once he clicked that link, it took him to PayPal's home page.  He logged in. It asked him for his name, street address, credit card  number and more. He re-entered everything. But, before he clicked the  send button, he was wondering why he has to input everything all over  again because he was already registered. As he wondered, he noticed  that the URL was not even paypal.com. It was a random URL address. It  was a replica of PayPal?s homepage. None of the links on the home page  worked. If he clicked the button, all his personal information would  have been revealed aka identify theft."

Salma suggests
I guess the only way I think you can figure out if you are targeted:
    Check the URL of the webpage
    Check other links on the webpage, if they are even working
    Log into your accounts (PayPal) from the "real website" to verify if  the email is true.

Salma adds
Mozilla Firefox 2  has a built-in Phishing Protection  feature. Firefox already has a list of phishing websites. Once you  land on a known phishing site, you will notice a yellow pop up box  that warns you about the sites intention. "

..
Melissa Q. in MRK 410, Feb 2004 found a good article online that talks about another way people can get in trouble with their Domain Name.

This problem is about re-directing people to fake sites (phisher sites)  where they can get tricked into doing things that are unsafe.
Thanks Melissa
WTGR

.
By Jon Swartz, USA TODAY
"Spammers' fake sites dupe consumers"
.
Swartz describes what happened to Best Buy
"Best Buy. In what could be one of the biggest such cases, the No. 1 electronics chain says thieves recently used spam called "Fraud Alert" to milk consumers of credit card and Social Security numbers. The e-mail, which claimed to be from BestBuy.com, directed consumers to a Web site nearly identical to the company's site. Many consumers were suspicious and contacted Best Buy because the site asked for personal data."

Swartz describes what happened to AOL
"America Online. Some customers of the largest ISP say they received pop-up ads last month warning them that personal information — such as name, Social Security and credit card numbers — was necessary to keep their online subscription. Because the form looked like it came from AOL, they filled it out."

KEY
POINTS
This problem is going to get worse before it gets dealt with.

Swarts explains "Despite efforts to stifle phisher sites, they are likely to grow because the scam is cheap and offers a haven. For less than $50, identity thieves can create a fake Web site and buy a CD with millions of e-mail addresses. "If you get just get a 0.5% return on 100,000 e-mails, that's a major ID breach," says Linda Goldman-Foley, co-executive director of Identity Theft Resource Center."

WTGR

Spear
Phishing
Competitor Intelligence = Corporate Espionage = Spying - faciliated by "spear phishing" !!!
 
UTM student Simeon K. in MGD415 in Jan 2008 sent an email to say

"I got very interested into the topic about competitor intelligence so that I looked for some information about it. I found an interesting article, dated January 2008, called "Countering corporate espionage". I think the information in this article, written by Sally Whittle @ 
 http://resources.zdnet.co.uk/articles/0,1000001991,39291900,00.htm
will be useful in relation to the mentioned topic. I made a summary of the article and added a few thoughts of mine as well."

Simeon writes

"Spear phishing" is an increasing cyber crime related to corporate espionage. It is a highly targeted phishing attack where a company executive receives an email from an "authorized partner" regarding a project, which is not widely known outside the company. The purpose of such an email is to encourage opening a file, launching a Trojan, which would provide somebody with access to the whole network."

WTGR adds, 
"Thanks Simeon, Spear phishing, an e-mail spoofing fraud, is highly successful compared to normally phishing because it is specifically targeted to particular individuals and unless someone makes a phone call or sends a confirming email to the "phished domain", it can be truly convincing"

...
Spear
Phishing
"spear phishing" !!!

Catherine Forsythe explains on
http://www.lockergnome.com/forsythe/2007/08/13/spear-phishing-a-targeted-attack/

"For example, if you received an email from someone from your tech support services asking to confirm your security code, would you do it? The email is addressed directly to you and has your name in the text of the note. A glance at the email address shows that it is a company email. If you send back your security code or password, you may have been ‘phished’ - specifically, you have been ’spear phished’. You were targeted.

Email addresses can be spoofed. And the mention of your name in the text is just social engineering. It is to manipulate you into feeling secure and giving up the information."
see also  witiger.com/ecommerce/SocialEngineering.htm

.
Spear
Phishing
"spear phishing" !!!

WTGR adds, 
The expression "spear fishing" comes from the need to describe a focused threat. Phishing is a slang expression to describe a broad based attempt to "hook in" unsuspecting targets. In "real fishing" you put a line in the water and hope any fish will come to the bait.

In spear fishing you go IN the water and select a specific fish, swim up close, pull the trigger. the rubber band propels the spear forward to your target and you use the attaching line to pull in the fish speared by the spear.

.
Problems
and
Scams

example:
Bank of
America

Oct 2005, I (WTGR) received an email, supposedly from Bank of America, asking me to log in - only problem is, I'm not a Bank of America customer - so I automatically know this is bogus.

A small percentage of people who receive this spam will actually be real Bank of America customers - most will delete the email, but some may think it is real, and they'll follow the instructions, and be a victim.

One of the keys to knowing it is fake, is the part that says "Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to ...". Anytime an email says this, it is because they "spoofed" the originating address

WTGR

...
Problems
and
Scams

example:
Bank of
America

On the "real" Bank of America website they have a special section talking about phishing and explain how it works. BOA also says "Bank of America emails will never ask you to reply to an email with any personal information or data, such as your Social Security number, ATM or Check Card PIN, or any other sensitive information." so you know if you get such a request, it is fake..
..
.
On this page there are several quotes from ecommercetimes.com. Permission was given by Richard Kern, Associate Publisher of the E-Commerce Times,  in an email to Prof. Richardson 2004 Dec 10th, a hard copy of the email is kep on file in Richardson's permissions binder.
.. .,,,,
witiger.com
  CONTACT I MAIN PAGE I NEWS GALLERY I E-BIZ SHORTCUTS I INT'L BIZ SHORTCUTS I MKTG&BUSINESS SHORTCUTS I TEACHING SCHEDULE
.
  MISTAKES I TEXTS USED I IMAGES I RANK I DISCLAIMER I STUDENT CONTRIBUTORS I FORMER STUDENTS I PUBLICATIONS I TIPSfor those On The Level who believe in faith, hope and charity
.
.
 
 

  Prof. W. Tim G. Richardson © www.witiger.com