Hostile profiling launches new wave of online attacks

News

Hostile profiling launches new wave of online attacks

Antony Savvas

Spammers and phishers are exploiting websites to create visitor profiles for targeted attacks.  

Anti-spamming solutions provider Blue Security says “hostile profiling” is easily accomplished using two new types of attack - registration attacks and password reminder attacks.  

These attacks exploit sites that employ e-mail addresses as user identifiers during the registration process or for password reminders, allowing attackers to know whether a certain address belongs to a customer of such sites.    

By automatically attacking hundreds of websites, spammers and phishers can generate a detailed consumer profile from any e-mail address, including the owner's addresses, hobbies, political views, purchasing preferences and health information, and then use this information for targeted spamming and phishing attacks.  

Blue Security has found that a large majority of websites, including eight of the top 10 websites in the US, are vulnerable to registration attacks and password reminder attacks. 

Some websites are already taking measures to protect themselves against such assaults by requiring billing information with each registration or implementing other security solutions. 

In addition, Blue Security has found that registration attacks and password reminder attacks allow the harvesting of user addresses from nine out of 10 major ISPs, web-based e-mail providers and most recent non-bank phishing targets.  

Eran Reshef, Blue Security chief executive officer, said, “Hostile profiling is yet another example of how online criminals abuse the internet to attack innocent users.” 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy