Blog

Site Snatching

Mar 21

Written by:
3/21/2011 10:22 AM

As a former academic advisor, this headline caught my attention:

“Scammers steal entire college website”

“What?” I thought. “How? How could scammers penetrate the impervious security of the United States university system?”

Wink, wink.

Truth be told, universities are notorious for lax security. I know, because I’ve seen it. Employees are often fully unprepared for a social engineering attack because they are untrained on how to deal with phishing phone calls, email attacks, or even the importance of locking sensitive documents away from prying eyes.

But, I digress. In this case, it actually wasn’t the school’s fault. In the case of Reed College, scammers performed a quick copy-and-paste and, voila! A copycat site that could be used for any manner of evil deeds, including malicious schemes involving application fee theft.

Copying websites and creating nearly identical domain names is certainly nothing new in the world of social engineering scams—but it is baffling how often people are surprised by this technique. No one believes that it is just that easy to fake a site.

We know, because we do it all the time.

When a company hires us to perform a social engineering audit, we will often take just a few minutes to create a mock-up of their site—with a URL that differs from the original by only a character or two. This virtually guarantees that employees will log in to our site and provide whatever information we ask for.

So, here are our two points of advice today:

1) MANAGERS: If you are in any way in charge of your company’s website, be sure your company owns not only its own domain, but also as many other modifications of that URL as possible. This will limit a scammer’s options when attempting to create a fake version of your website.

2) WEB USERS: If you are about to provide any information or make a payment of any kind online, be absolutely certain that the site you are on is the right one. This includes double-checking the URL carefully.

 

Unfortunately for Reed College, the copycat “University of Redwood” is still lurking out there, though there has been no confirmation as to why. But hopefully applicants to Reed will be circumspect before paying any fees!

Read more here: http://technolog.msnbc.msn.com/_news/2011/02/28/6152475-scammers-steal-entire-college-website
