A number of Batelco customers have reported receiving emails asking them to 'Resolve their accounts' where a link in the email redirects customers to a phishing site that has the look and feel of Batelco eServices, but is in fact nothing to do with Batelco.
Among the other techniques used by phishers are addressing victims using their real name, sending e-mail that appears to come from a trusted friend or coworker, using a Web address for the phishing site that's very close to that of the real site, featuring images at the phishing site that were stolen from the real site, using links at the phishing site that connect to the real site, and employing scripts at the phishing site that place a picture of the real Web address over the address bar.
When a site is determined to be a potential Phishing site, the ZILLAbar displays a Phishing Alert in real time.
When a possible phishing site is identified, AOL limits access to the site through the AOL client and informs any member who attempts to visit it
If anything, there are probably more "lures" of all types being generated, but with the destination being an exploit site with a drive-by download that infects users directly with malware, rather than a phishing site that attempts to steal credentials via social engineering.
There are almost 300 parameters which reliably indicate whether it is a phishing site
Batelco Group media relations general manager Ahmed Al Janahi said a number of customers have reported receiving e-mails asking them to 'resolve your accounts' where a link in the e-mail redirects customers to a phishing site that has the look and feel of Batelco e-Services, but in fact has nothing to do with the company.
Once these steps are followed the phishing site generates a Java code, which the user is then prompted to use.
Each phishing site rakes in an average of $25,000 (BD9,425) every month, he said.
Typically, the host site is legitimate, not a phishing site created for the sole purpose of stealing consumer data.
When IB Secure detects that a user's browser is about to access a phishing site, it actively prevents the user from passing his or her sensitive data to that bogus site.
Traditional anti-phishing services have focused on a reactive versus a proactive approach, in which a phishing site is discovered and shut down as quickly as possible.