- Chic kfi so (Digital signature)
4.4.2. Pheng clang lira ciao qua mgng (phishing)
Vein d'J
Ngay 17 thong 11 nom 2003, mOt s6 khach hang cita eBay dugc thong bao bang email rang tai khoan cua h9 tren eBay clang dugc cap that va tang cubing mirc dO an toan. Thong bao ding kern theo mOt duang clan (link) den mOt trang web cita eBay tai do khach hang co the ding ky de chap nhan cac dich vu nay. Tat Ca cac thong tin khach hang can cung cap de nhan dugc dich vu nay la cung cap s6 the tin dung, s6 bao hiem xa hOi, ngay sinh, ten bi mat, s6 pin the ATM. Van de duy nhat la thuc to eBay chua tong bao gibr girl di cac thong diep nhu the nay ca va trang web ma khach hang dugc clan tai cling khong thuOc su quan ly cua eBay. Mac du trang web gia tong rat gi6ng trang web thuc cua eBay, cling co logo dm eBay, giao dien twang tu, trang web nay thuc chat dugc tao ra vii muc dich Era ciao. Nhimg khach hang "ngay tha" dien thOng tin dugc yeu cau vao trang web nay dA ngay lap tirc tra thanh nan than dm vu Era dao tren mpg duqc biet den voi thuat net "phishing". Phishing la ky thuat Era dao sir dung thu dien tir, Pop-up, trang web de du co nguai dimg cung cap cac thong tin nhay cam nhu the tin dung, tai khoan ngan hang, mat khau...
Gicii phap
Ban chat ky thuat Era dao nay khong mai, tuy nhien "cong nghe" dugc sir dung lai mai va co nhieu nguai sir dung bi mac bay. Trtrac day, ding nghe dugc ua chuOng cho kieu Era nay la dien thoai. Ngay nay, nhimg ke chit mtru sir dung thu dien tir, thong diep pop-up, trang web gia de nguai sir dung Wang lam h9 clang giao dich vii cac doanh nghiep chinh thirc. Cac thong diep nay thuang clan dot nguai sir dung den mOt website khac, tai do, nguai sir dung se duqc yeu cau cung cap hoac cap nhat thong tin mai cho tai khoan cua hi?. Mac dit cac website nay trong hoan town gi6ng nhu website that, do la website gia mao. TO chirc phong chOng kieu Era dao nay co ten gqi Anti-Phishing Working Group (APWG, antiphishing.org ). Thing 7 nom 2004, so vu Era dao kieu nay dugc thong bao den APWG len den 1.974 vu, tang 39% so vii thing 6 cling nom. Nganh chit' tan ding nhieu that la dich
vu tai chinh (1.649 trong tong s6 1.974 vu tan ding). Thtrcmg hieu bi tan
s6 1.974). Nhimg website gia mao dugc luu tru nhieu !that tai Hoa KS ,
(35%) tiep den la Han Qu6c, Trung Qu6c va Nga. De tranh bi dieu tra, cac website gia mao thuemg hoat dOng trong mOt thai gian ngan, trung binh khoang 6 ngay.
Cac cong ty chuyen ve an ninh ten mang nhu VeriSign (verisign.com) va Name Protect (nameprotect.com) dang ph6i hgp trien khai de ngdn chart hinh thirc tan cong nay. Ca hai cong ty nay deu chit dOng nghien ciru cat website (ten mien, ten may chit, cac tang, nhom tin tire, chatroom...) de phat hien cac dau hieu phishing. Nhimg dich va nay dugc cac cong ty nhu MasterCard, cac cong ty ban le va t6 chirc tai chinh ho trg. Khi phat hien cac dau hieu lira dao, nhung thong tin nay dugc chuyen den cac t6 chirc ho trg va cac co, quan quan 15, lien quan. Tuy nhien, cac dich vu nay khong dugc thong bao trkrc tiep den cac khach hang dit la t6 chirc hay ca nhan. Do do, khach hang van can chit dOng ph6ng tranh nhimg vu lira dao Icieu nay. Uy ban Thtrcmg mai Lien bang (FDC-Federal Trade Commision) khuyen cao:
- Tranh tra 16i cac thu dien It hay thong diep pop-up yeu cau cung cap thong tin ca. nhan
- Tranh giri cac thong tin ca nhan hay tai chinh duai bat ky hinh thirc nao
- Kiem tra ky cac thong tin tai khoan va chi tiet mua sam the tin chin hang thong
- Sir dung va cap nhat cac phan mem diet virus thtrimg xuyen
- Can tong khi ma bat kSr thong diep disc lieu gan kern theo thu dien tit - Giri cac thong bao den FTC v'e cac thong diep bi nghi ng&
Kit qua
Theo dieu tra cua TO chirc Chting lira dao qua mang (APWG), uac tinh khoang 5% ngu6i sir citing mac phai by phishing. T6ng thiet hai khong dugc th6ng ke chi tiet, tuy nhien den nay van chua c6 quy dinh ctt the xir 1S, cac ke chit muu cua nhtmg At lira dao clang phishing.
Ben hQc kinh nghiem
Cac m8 hinh thuong mai dien tir deu c6 diem chung la nhieu ben tham
do do dam bao an toan trong thucmg mai dien tir" eat kho khan. Ke tan ding chi can phat hien ra mOt diem yeu trong toan bO he thong la co kha nang thanh ding. MOt so vu tan ding dai hoi cong nghe va ky nang cao. Tuy nhien, hAu het cac vu tan cong nhu phishing chi can sir dung nhimg ding nghe rat don gian de ddnh vao diem yeti dm con ngueri va cac tap qudn an ninh mpg mai dang hinh thanh. Do da so cac vu tan cong khong tinh vi va phirc tap, nharig quy dinh ro rang ve phang trdnh rui ro trong thucmg mai dien tit se gulp giam thieu dang ke nguy co va thiet hai.