From the National Computer Network Emergency Response Technical Team Coordination Centre (CNCERT / CC) treatment of phishing incidents, users seek help less, I do not know how to deal with, and not high in many host security problems should be solved.
As e-commerce and online banking as a means of shopping and financial transactions are widely used, Phishing (Phishing) sort of fraud is becoming more rampant.Phishing refers to the lawless elements in the Internet electronic transactions known phishing sites (such as a bank or auction site) pages, to lure users to fake sites to cheat the user account and password information to steal money.
In most cases, criminals often use a loophole to enter a host of other innocent users to fake Web page to run, then, produce and distribute a large area very confusing and deceptive e-mail.These messages seemingly from banks or retailers, claimed to have some kind of urgency required the recipient to update or on account of new products for sale.This lack of security awareness of Internet users are often prompted by the message, click the message actually appear normal phishing Web site.Once the user clicks on this link, they will be prompted to enter account information, credit card number, transaction password, and other important personal information that will eventually fall into the wrong hands, then from the user's account to steal money.
Increasingly rampant
As e-commerce, online billing, online banking and other business in the popularity of daily life, phishing endless losses are growing.According to U.S. statistics, said banks and credit card companies, Internet fraud since 2003, the loss of 12 billion U.S. dollars, an average loss of about 1,200 dollars per victim.According to British security agencies MI2G estimated that phishing scams since 2003, global economic losses of more than 322 million reasons to reduce our customers, business interruption, and for efforts to restore brand reputation.
The face of the temptation of such a huge economic interests, many hackers turn to the implementation of phishing attacks.Spam filtering company Brightmail data indicate that the rapid growth of the global total Phishing e-mail, in April 2005 reached 3.1 billion.These professional hackers to make fraudulent website address is also faced with enormous pressure, they use advanced technology and the latest vulnerabilities, which makes a lot of security experts a headache.
This new use of Internet fraud attacks appeared, the cause of network security, finance, business use of the Internet to provide financial services institutions and the judiciary very seriously.National Computer Network Emergency Response Technical Team Coordination Centre (CNCERT / CC) since 2004 on the right phishing attacks form the new attention given to, as a key event for processing.
In 2002 and 2003, CNCERT / CC for possession of counterfeit activities in the domestic financial sites have only one effect.In 2004, CNCERT / CC incident reports received phishing Class 223, mostly from the international emergency response organizations and the security team.The end of 2004, there have been numerous domestic financial websites were fake events, such as fake Bank of China, Industrial and Commercial Bank of China, Agricultural Bank of China and other events.In 2005, CNCERT / CC has received from abroad 456 phishing incidents, which completed 145.Most of these phishing class event organization and security of international emergency and requested assistance to address the Panel's report, the phishing site has been mostly well-known financial institutions abroad, there is a small amount of counterfeit domestic Industrial and Commercial Bank of China and Taobao's incident reports.
From CNCERT / CC to receive and handle the number of reported incidents involving phishing incidents in China in late 2004 from a significant increase, still high, this is also broadly consistent with international trends.
Many problems can not be ignored
From CNCERT / CC incident handling characteristics of phishing view, the following should not be overlooked:
1.The relevant Mainland authorities to seek help too little
To 2005 data, for example, to CNCERT / CC report phishing incidents involving more than 40 foreign institutional organizations, of which 40% came from eBay.Report phishing incidents in the largest number of organizations, the top 10 came from abroad.
But CNCERT / CC control situation, there have been some for the home or bank, the company's phishing incident, but reported to the authorities, seek help very little.In such case, an objective reason is that the Chinese authorities in the event of phishing for your event, do not know to whom to seek help, and to close websites; Another reason is that, for various considerations, do not want people to knowcounterfeiting of their website.In fact, not timely help close the website, and not in time to remind the user's attention will lead to more users fooled victims, once the user found to be caused by the reasons Phishing unit, then the unit's reputation is Phishing losses and negative impacts may bemore.Therefore, the Chinese authorities respond to phishing incidents have a more profound understanding of disposal.Once a phishing incident involving himself, shall promptly report to relevant departments for help, turn off the fake site, take steps to remind users to avoid greater losses and impact.
2.Many host country security is not high
Internationally, the implementation of phishing lawless behavior, tend to choose other parts of the computer to create fake Web page, to escape their judicial and law enforcement investigation and punishment.At present, many foreign hackers make use of their invasion and control of the territory of the host country to create fake pages.
According to international authorities Anti-Phishing Working Group (APWG) reported phishing website to run the country that hosts the distribution of statistics, the first half of 2005 the situation of the host running fake page can not be optimistic.Circumstances shown.
In a sense, China has become a training base for fraudulent website, which to a certain extent affected the healthy development of the Internet in China.Many fraudulent website run by the Chinese host on the black shows that the security situation in the host country is not optimistic.There are three specific reasons.
First, many hosts are in no state to maintain security.As of December 31, 2005, the number of online computers in China reached 49.5 million units.The number of Internet users in China every success, hosting services are also widely carried out, the site's security problems are growing, many hosts are in no state to maintain.
Second, poor awareness of security.Many users of computer security awareness is relatively weak.Many systems even in the patch is not installed, not installed anti-virus software, Firewall connected to the Internet, a hacker implanted fraud page provides easy one opportunity.
In addition, little understanding of the dangers of fraud website.In early 2004, since the fraudulent web page processing, many users simply remove the fraud in its host all the content pages and logs, on hastily.They do not realize the importance of post processing, there is no patch in time to take other safety measures, leading to a host is repeatedly implanted with fraudulent website.
3.Many users do not know how the domestic deal with
Phishing incident is characterized by a victim user to visit from the fake site, leakage of important personal information, to the final loss of money, the whole process tends to occur in a short period of time.Therefore, the owner of the host running the network in terms of fishing, with rapid and aggressive treatment of phishing incidents are taking place, will be carried out promptly to stop the illegal activities more effectively to avoid economic losses of network users.
CNCERT / CC phishing incidents in the actual processing based on the experience, developed a corresponding standardized processes.Typically, the CNCERT / CC coordinated phishing headquarters dealt with by CNCERT / CC provincial sub-centers of specific commitments, in the positioning fake host, contact the host user and provide information to help users remove fraudulent website in time or further removed hackers plantinto the back door, the user is to enhance network security and so on.However, in this process, if the host user does not understand, do not match, you can not fake site shut down promptly.
Therefore, while the relevant departments to strengthen the popularization of education, on the other hand domestic users also need to deepen understanding of phishing.Once involved in their management of phishing hosts, should be on their own or as soon as possible with the support of the parties concerned to take timely action: immediate closure of their host phishing pages, to stop illegal activities, thus reducing losses; save and when necessaryfake web access logs to assist in the analysis to find traces of undesirable elements clues.
To find effective countermeasures
According to the State Council Information Office published the "China Information Development Report 2005", at the end of 2004, China joined the Consortium's network of 132 organizations across the country issuing more than 769 million total, cross-bank transactions completed in 2004 1.83 billion pens,cross-bank transactions amounting to a total 685.8 billion yuan.Can be expected, as China's financial market more into line with international, China will be more credit card holders, through the Internet for electronic transactions will cross more and more, the threat of fraud website followed.Currently involved in multiple incidents of fraud web host for the implantation of false in the domestic foreign bank transactions interface.More than the ultimate victim is a foreign bank card users.CNCERT / CC involved in China now receives financial institutions and users of phishing incidents is still relatively small.