TechTarget

Hostile profiling launches new wave of online attacks

Spammers and phishers are exploiting websites to create visitor profiles for targeted attacks.

Spammers and phishers are exploiting websites to create visitor profiles for targeted attacks.  

Anti-spamming solutions provider Blue Security says “hostile profiling” is easily accomplished using two new types of attack - registration attacks and password reminder attacks.  

These attacks exploit sites that employ e-mail addresses as user identifiers during the registration process or for password reminders, allowing attackers to know whether a certain address belongs to a customer of such sites.    

By automatically attacking hundreds of websites, spammers and phishers can generate a detailed consumer profile from any e-mail address, including the owner's addresses, hobbies, political views, purchasing preferences and health information, and then use this information for targeted spamming and phishing attacks.  

Blue Security has found that a large majority of websites, including eight of the top 10 websites in the US, are vulnerable to registration attacks and password reminder attacks. 

Some websites are already taking measures to protect themselves against such assaults by requiring billing information with each registration or implementing other security solutions. 

In addition, Blue Security has found that registration attacks and password reminder attacks allow the harvesting of user addresses from nine out of 10 major ISPs, web-based e-mail providers and most recent non-bank phishing targets.  

Eran Reshef, Blue Security chief executive officer, said, “Hostile profiling is yet another example of how online criminals abuse the internet to attack innocent users.” 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close