Do you think the new phishing filters built into the IE7 and Firefox 2 browsers will protect your personal data? Think again.
Source: SecurityLabs
The number of websites created for swindling, fraud and phishing grew at rocket speed last year, and the number of victims of phishing schemes nearly doubled as well. In November 2006, the US Anti-Phishing Organization detected 37,500 new websites, up by... 709% compared with the 4,630 sites of the same period a year earlier.
Last October, both Mozilla and Microsoft released their latest browser versions, with a feature that builds a blacklist of phishing websites and then uses that list to block users from visiting those addresses.
In response, phishers immediately bombarded the online world with countless new ghost and counterfeit websites, so quickly that the filters can hardly keep up with listing them or shutting them down.
The alarming ease with which scammers "spawn" new websites, combined with a string of new fraud tactics, has left the security community on edge. Some even bitterly admit that it is the phishers who hold the upper hand in this fight.
"At some point, technologies that rely too heavily on blacklists will become useless," warns Zulfikar Ramzan, a senior expert with the Symantec Security Response team.
Phishing as easy as unwrapping candy
Last month, "phishing" toolkits (which let criminals set up counterfeit websites that look exactly like the real thing, highly convincing yet requiring very little effort) began to be widely offered for sale on "black market" websites.
The fake site copies the images and layout design of the real website, usually that of a bank or financial institution. When the user logs in, details such as the account name and password are passed on to the real website so that the log-in process proceeds normally. The user has no idea that a copy of that sensitive data has fallen into the phishers' hands.
Along with the stream of valuable data pouring into criminals' hands come enormous profits. Research firm Gartner estimates that as many as 3.5 million Americans carelessly disclosed highly confidential information to scammers in 2006.
That figure jumped by as much as 86% compared with 2005, and the economic losses those victims bore reached 2.8 billion USD. One prominent phishing gang, named Rock Phish, has even earned more than 100 million USD.
According to security experts, Rock Phish is the culprit that devised a series of new techniques contributing to the explosion of phishing websites. Image spam (spam that slips past filters by embedding images in the body of the email) is also a Rock Phish product.
They even predict that one day Rock Phish alone will account for more than half of all active phishing websites in the world.
The headache of finding a solution
Proactive scanning technology is one direction many people are considering. Instead of relying on a blacklist that enumerates known phishing websites, this technology analyzes the specific behavior of any given website, looking for the techniques and tricks that phishers commonly use. According to Microsoft, IE7 already uses this technology.
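
An added illustration of the contrast described above (not code from the article, Microsoft or Mozilla): a blacklist lookup beside a simple content heuristic, run on a newly created look-alike page. The brand, domains, blacklist entry and the two heuristic rules are constructed assumptions; the article does not say which checks IE7 performs.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample data: hypothetical brand, its real domain, and a blacklist.
BRAND_DOMAINS = {"examplebank": {"examplebank.test"}}
BLACKLIST = {"old-phish.test"}


class LoginFormScan(HTMLParser):
    """Collects the two page traits the heuristic needs."""

    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password_field = True

    def handle_data(self, data):
        self.text.append(data.lower())


def on_blacklist(url):
    """Blacklist approach: only hosts already reported are caught."""
    return urlsplit(url).hostname in BLACKLIST


def heuristic_flags(url, html):
    """Heuristic approach: reasons a page looks like a brand-imitating login."""
    host = urlsplit(url).hostname or ""
    scan = LoginFormScan()
    scan.feed(html)
    page_text = " ".join(scan.text)
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            continue  # the brand's own site may ask for its own password
        if scan.has_password_field and brand in page_text:
            reasons.append(f"password form mentions {brand} on foreign host")
        if brand in host:
            reasons.append(f"{brand} appears in hostname of foreign host")
    return reasons


# Constructed inputs: a freshly created look-alike URL and the genuine one.
FAKE_URL = "http://examplebank.login-verify.test/signin"
REAL_URL = "https://www.examplebank.test/signin"
PAGE = "<html><title>ExampleBank</title><form><input type='password'></form></html>"
```

The look-alike host is absent from the blacklist because it is new, yet both heuristic rules fire on it, while the same page served from the brand's own domain raises nothing.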
In addition, the security community has noted the emergence of a new site authentication standard called EV SSL (Extended Validation Secure Sockets Layer). To earn this "seal of approval", a website must undergo checks by an intermediary company such as VeriSign or Entrust to ensure that, at the very least, it appears legitimate.
Once a site has "passed" the test, the browser's address bar turns green when it is visited. Microsoft supports EV SSL in the IE7 browser, and many large e-commerce sites such as PayPal have just begun adopting the standard.
However, do not celebrate too soon. The tremendous surge of phishing websites shows that phishers have every trick they need to get past automated filtering tools. Most recently, they have developed several new technologies that threaten even security standards such as EV SSL.
The best protection
For now, nobody has found a miracle cure that keeps you completely safe from the phishing menace. Even so, there is a simple way to protect yourself: never click through from an email or from an intermediary website to log in to your financial accounts.
Instead, always use your own bookmark or take the trouble to type the full website address into the browser's address bar, even when you are 100% sure the email is legitimate.
Automated tools such as Password Safe can also help to some extent. However, against cunning phishers, the best protection you have is still... you.
Article source http://w4rum.com/651.t