Hostile profiling launches new wave of online attacks


Hostile profiling launches new wave of online attacks

Antony Savvas

Spammers and phishers are exploiting websites to create visitor profiles for targeted attacks.  

Anti-spamming solutions provider Blue Security says “hostile profiling” is easily accomplished using two new types of attack - registration attacks and password reminder attacks.  

These attacks exploit sites that employ e-mail addresses as user identifiers during the registration process or for password reminders, allowing attackers to know whether a certain address belongs to a customer of such sites.    

By automatically attacking hundreds of websites, spammers and phishers can generate a detailed consumer profile from any e-mail address, including the owner's addresses, hobbies, political views, purchasing preferences and health information, and then use this information for targeted spamming and phishing attacks.  

Blue Security has found that a large majority of websites, including eight of the top 10 websites in the US, are vulnerable to registration attacks and password reminder attacks. 

Some websites are already taking measures to protect themselves against such assaults by requiring billing information with each registration or implementing other security solutions. 

In addition, Blue Security has found that registration attacks and password reminder attacks allow the harvesting of user addresses from nine out of 10 major ISPs, web-based e-mail providers and most recent non-bank phishing targets.  

Eran Reshef, Blue Security chief executive officer, said, “Hostile profiling is yet another example of how online criminals abuse the internet to attack innocent users.” 

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy