Recently, security researchers identified a new phishing scam circulating on the microblogging site Twitter. In the latest attack, first identified by security experts at Internet security firm Sophos, victims reportedly receive a message from other members of the site enticing them to watch a video, picture or a blog. They try to dupe the victims by claiming that pictures, blogs and videos contain their reference. The messages contain a link, which leads users to a strikingly similar but fake page of the microblogging site. Unwary members, who visit the counterfeit page to view the images, videos and blogs inadvertently, compromise their login credentials. Scammers may use the login credentials to gain unauthorized access to the members Twitter account, propagate spam messages, upload malicious pictures and gain access to personal information related to friends of the victims. The scammers may use the extracted information to send more sophisticated phishing e-mails impersonating as a friend, peer, subordinate, supervisor or family member and entice target victims to reveal additional personally identifiable information and financial details such as debit and credit card details. Users must ensure themselves of the authenticity of the sites before entering login credentials and disclosing any information on the sites. In the latest case, the fake site had prefix and suffix added to the legitimate name of the site to deceive users. The microblogging site is resetting the passwords of the accounts of the affected users.
They may also attempt to target and gain access to other e-mail accounts pertaining to the members by taking advantage of the tendency of the users to use common passwords on different sites. People often ignore the basic tenet of cyber security of using strong and unique passwords on different sites for easy remembrance and convenience. However, cybercriminals are always on the look out to breach the security and gain unauthorized access to online accounts, networks and computer resources. The financial incentive of such access is higher, as they can sell the extracted confidential data on underground cybercrime markets, use financial information for producing counterfeit credit and debit card information. According to a report by Panda Security earlier in the year, cybercriminals sell credit card information for as low as $2 in underground cybercrime black market.
People from all walks of life from IT professionals to professors, doctors, and students use computers and Internet. As such, they must be aware of computer and Internet security. Internet users may benefit from online computer degree programs and enhance their awareness on security issues.
Organizations are now using microblogging sites such as Twitter and Weibo for business promotion. Media sites use those sites for dissemination of news feeds. Scammers also attempt to extract confidential information related to professionals and businesses. Professionals qualified in IT masters degree and security certifications may help organizations in understanding and improving cyber security practices.
The latest phishing attack follows recent worm attack on Chinese microblogging site Weibo. Security professionals must regularly update their technical skills and enhance their capabilities through online technology degree programs.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: [email protected]
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
