PACKET SNIFFERS, WEB SPOOFING, PHISHERS, AND KEYSTROKE LOGGERS

written by: CEO Justin Tomel; article published: year 2007, month 08;



In: Categories » Computers and technology » Data security » PACKET SNIFFERS, WEB SPOOFING, PHISHERS, AND KEYSTROKE LOGGERS

Many con games have been around for years; others are brand new to the Internet. The prime con game on the Internet involves stealing your credit card number so the con artist can rack up charges without your knowledge. Con artists have several ways to steal your credit card number: packet sniffers, web spoofing, phishing, and keystroke loggers.

Packet sniffers

When you type anything on the Internet (such as your name, phone number, or credit card number), the information doesn't go directly from your computer to the website you're viewing. Instead, the Internet breaks this information into "packets" of information and routes it from one computer to another, like a bucket brigade, until the information reaches the actual computer hosting the website you're viewing.

Packet sniffers search for credit card numbers by intercepting these packets of information. Typically, someone will plant a packet sniffer on the computer hosting a shopping website. That way a majority of packets that are intercepted will contain credit card numbers or other information that a thief might find useful.

Packet sniffers intercept information on the Internet in much the same way that a thief can intercept calls made with cordless or cellular phones. If you order merchandise over a cordless or cellular phone, a thief could intercept your call and steal your credit card number as you recite it over the phone for the order taker. After the packet sniffer intercepts a credit card number, it copies it and sends the credit card number to its final destination. Consequently, you may not know your credit card number has been stolen until you find unusual charges on your next bill.

To protect yourself against packet sniffers, never send your credit card information over the Internet. If you still wish to order merchandise online, only trust websites that encrypt your credit card number (a tiny lock icon appears in the bottom of the screen when you're connected to a supposedly secure online shopping site).

While the threat of someone intercepting your credit card number through a packet sniffer is fairly remote, the biggest threat to your credit card is actually a company storing it on their (usually insecure) computer. Hackers can break into that computer and steal all the credit card information stored there, and there's nothing you can do about it.

Web spoofing

Web spoofing is quite similar to packet sniffing, but instead of secretly installing a packet sniffer on a computer host, web spoofing involves setting up a fake website that either looks like a legitimate online shopping website or masquerades as an existing, legitimate website.

Fake websites often have URLs similar to the website they're spoofing, such as http://www.micrsoft.com (misspelling Microsoft), so victims will believe they're actually connected to the legitimate site. When you think you're sending your credit card number to a legitimate firm to order merchandise, you're actually handing the thieves your credit card number.

To protect yourself against web spoofing, make sure you can always see the website address in your browser. If you think you're accessing Microsoft's website (http://www.microsoft.com), but your browser claims that you're actually accessing a website address in another country, you might be a victim of web spoofing.

Phishing

The boldest way to get someone's credit card number is just to ask for it. Naturally most people won't hand over their credit card numbers without a good reason, so con artists make up seemingly valid reasons.

Phishing involves contacting a victim by email or through a chat room. The con artist may claim that the billing records of the victim's Internet service provider or online service need updating, so would the victim be kind enough to type their credit card number to verify their account? Phishing is especially popular in the chat rooms of America Online or CompuServe.

Obviously, no legitimate business has any reason to ask for your credit card number through a chat room or by email. To protect yourself from these scams, make sure you never give out your credit card number to strangers through the Internet or any online service.

Keystroke loggers

A keystroke logger is a special program or piece of equipment that secretly records a user's keystrokes, such as the keystrokes that person uses to type a password or credit card number. If a con artist has access to your computer, he or she can secretly install a keystroke logger on your computer to record everything you type. Then when you're gone, the hacker can return to retrieve your captured keystrokes.

Software keystroke loggers hide in memory, while hardware keystroke loggers either connect between the computer and the keyboard or hide inside specially disguised keyboards. Visit KeyGhost (http://www.keyghost.com) to view examples of both types of keystroke loggers.

If a hacker doesn't have access to your computer, he or she can still install a keystroke logger on your computer remotely by using a remote access Trojan horse or RAT. The con artist simply contacts potential victims through email or chat rooms and convinces them to download and run the Trojan horse. Once the victim runs the Trojan horse, it opens a port and contacts the hacker. From this point on, the hacker can read any files or watch the keystrokes on the victim's computer without the victim's knowledge.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. Which Are The Most Common Network Security Risks
A network security incident isany network-related activity with negative security implications. Security incidents on the Internet can come in all shapes and sizes, launched from specific systems or networks. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised. A typical attack pattern consists of gaining access to a user's account and using the victim's system as a launch platform for attacks on other sites. The following are other example...

2. The Most Common Network Security Tools and Technologies
The following taxonomy is useful in understanding the security systems, technologies and authentication tools widely available to support secure transmission and storage of information in a networked e-business environment. Firewalls Firewalls are used to keep a network secure from intruders. A firewall is a network node consisting of both hardware and software that isolates a private network. In order to understand how a firewall works, one should have an understanding of packets, IP addresses and DoS attacks. Howev...

3. Securing Multiple Servers and Domains with SSL
As organizations and service providers enhance their Web sites and extranets with newer technology to reach larger audiences, server configurations have become increasingly complex. They must now accommodate: Redundant server backups that allow Web sites and extranets to maximize site performance by balancing traffic loads among multiple servers Organizations running multiple servers to support multiple site names Organizations running multiple servers to support a s...

4. How to protect against Unexpected Inputs
When you surf the Internet, you download one of two types of Web pages to your computer: static or dynamic. A static Web page sits on a Web server until a client computer sends a request for it. Once requested, the Web page is then downloaded to the client computer exactly as it was created, where the Web browser then views the page. A static Web page is really nothing more than a brochure or advertisement, and does not allow the true power of the Internet to be expressed. However, a static page is relatively safe from hackers....

5. What are Buffer Overflows
Exploiting a buffer overflow is an advanced hacking technique. However, it is a leading type of security vulnerability. To understand how a hacker can use a buffer overflow to infiltrate or crash a computer, you need to understand exactly what a buffer is. A computer program consists of many different variables, or value holders. As a program is executed, these different variables are assigned a specific amount of memory as required by the type of information the variable is expected to hold. For example, a short integer ...

6. Protecting the Security of Information
The first and best line of defense against unwarranted intrusions into personal privacy is for individuals to employ e-commerce technology to protect themselves. Industry-developed and supplied encryption technologies and firewalls, for example, provide individuals with substantial tools to guard against unwarranted intrusions. Encryption is technology, in either hardware or software form, which scrambles e-mail, database information, and other computer data to keep them private. Using a sophisticated mathemati...

7. Why Is Authenticated SSL Necessary
Notions of identity and authentication are fundamental concepts in every marketplace. People and institutions need to get to know one another and establish trust before conducting business. In traditional commerce, people rely on physical credentials (such as a business license or letter of credit) to prove their identities and assure the other party of their ability to consummate a trade. In the age of e-business, authenticated SSL certificates provide crucial online identity and security to help establish trust between ...

8. Virus Prevention ~ How to protect against Internet Viruses
There are several elements to a good virus defense. The most important element requires some self-control—you must NEVER open a file/program unless you are 100% sure it is not infected. No matter how attractive the file is, where it came from, or what it promises you, you can never assume that a file is what it claims to be. For example, the Melissa virus reproduced through email and sent copies of itself to every one in the victim's address book. Because of this, relatives and friends of the victim were soon infected as ...