eCrime of the 21st century: Phishing

February 26th, 2010

On July 17, 2009, October 1, 2009 and February 19, 2010, InstaForex Client Service received reports from customers about unapproved e-mails from third parties not related to the company. The e-mails offered a bonus from InstaForex to anyone who followed a link. Taking these three incidents into account, we recognize our responsibility to our clients and consider it our duty to warn traders about possible fraud attacks. We hope this article will help you protect your computer and prepare you to repel phishing attacks.

Every day the mass media publish lists of organizations whose clients were attacked by phishers. As soon as hackers work out new methods of attack, business responds by developing new facilities for securing clients’ personal data and brings in external experts to help raise the safety level of electronic mail. In turn, customers try to protect themselves from the stream of “official” e-mails and set stricter rules of communication.

While most organizations tighten their spam filtering rules, they should also take active measures in the struggle against phishing. By understanding the instruments and methods used by fraudsters and analyzing possible holes in the security of their perimeter, companies will be able to defend themselves in advance against many popular and successful kinds of such attacks.

Stealing sensitive information has never been easier than it is now, in the age of electronic technology. Hidden among junk e-mails and slipping past most anti-spam filters, a new attack vector is aimed at stealing confidential personal data. Today professional criminals use specially crafted messages to ensnare their victims. This type of attack is called phishing.

By “phishing” we mean social engineering techniques used against customers to steal their private information and pass on confidential data for criminal use. Fraudsters use spam or computer bots for their attacks. The size of the victim company does not matter at all; what counts is the quality of the personal data.

Month by month phishing scams keep increasing not only in number but also in quality. A growing number of clients are now attacked by phishers, and such mass mailings are sent to millions of e-mail addresses all over the world. Moreover, some attacks are aimed at specific groups of clients. Using different methods of attack, phishers can easily deceive clients into providing their financial data.

Most financial organizations whose business is related to the Internet introduce new methods of protecting clients’ private data. For example, InstaForex clients can enable the SMS security service: each time you withdraw funds from a trading account, you need to verify the operation with a protection code, which the system sends automatically to your mobile phone. So even if swindlers get access to your account, they will not be able to transfer your funds to their accounts. However, you should understand that there are many simple instruments that anybody can use for protection against phishers. That is what I am driving at in this article.

First of all, some words about phishing technologies. These attacks combine methods of technical deception and social engineering. A phisher has to persuade a victim to deliberately perform some actions that will provide access to sensitive information. Nowadays hackers actively exploit the popularity of such means of communication as e-mail, IM, IRC and web pages. In all cases the phisher must impersonate a trusted source, for example the support service or the administration of a site or forum, to appear credible to the victim.

Until recently, the most successful phishing attacks were made via e-mail, where a phisher plays the role of an authorized person by imitating his/her e-mail address or including elements of corporate style. For example, a victim receives an e-mail from support@instaforex.com (the address is forged) with the message line “modification protection”, asking him/her to follow the link http://secure.insta-forex.com/en/withdrawal.aspx (the domain belongs to the attacker, not the company; moreover, the Hypertext Transfer Protocol is not secured, it must be HTTPS) and enter his/her trading password.

Pic. 1. An example of a phishing e-mail.

There are many more methods that phishers can use to steal your sensitive data. They can send you a warning e-mail saying that your account was hacked and that you need to enter your trading password in a special form to recover it (the e-mail will contain a fake link). They can also offer you a bonus, and again the e-mail will contain a fake link to a false form. You can also receive an e-mail about accounts being moved to a new trading server, with a request for your personal data. Another way is sending an e-mail with an attached file or archive (such as exe, zip, rar); if a victim opens this file, his/her computer will be paralyzed by a trojan or virus.

Online phishing means that malefactors copy popular sites. They use similar domain names and a similar web design. Then everything follows the usual scheme. A victim, attracted by great bonuses, enters credit card and account numbers, PIN codes and so on. All suspicions are dispelled because the copied website looks like the real one. Such means of phishing have been in use for a long time, but little by little they are becoming ineffective as knowledge about information security spreads.

The third type is combined phishing. The point is to create a fake site of a company, to which victims are lured. They are invited to visit this website and perform some actions themselves. Usually hackers use methods of psychological influence.

Phishing attacks organized via e-mail are the most widespread. Using spammers’ technologies, phishers can send out millions of e-mails to real addresses in a few hours (or minutes, if they use distributed bot networks). In most cases phishers buy lists of e-mail addresses from the same sources as spammers.

Using well-known defects in the SMTP protocol, swindlers are able to create e-mails with a counterfeit “Mail From” line. They can set the name of any organization as the title of an e-mail. In some cases phishers can also set the “RCPT To” field to a chosen e-mail address, so that a client’s reply to the e-mail will be sent to the phisher. Below is a list of methods used by phishers when working with electronic mail:

- official form of e-mail

- copying valid corporate e-mail addresses with minor changes of URL

- HTML used in electronic messages, which obscures URL details

- standard attachment with worm or virus

- technologies that hinder anti-spam filters

- fake links to popular blackboards and mailing lists

- counterfeiting “Mail From” line
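The checks a mail filter or a careful reader can apply to the e-mail described above, as an added example that is not part of the original article: it parses a constructed message modelled on the article's sample and flags a reply address on a different domain from the sender, links outside the official domain (marking near-matches such as insta-forex.com), links that are not HTTPS, and link text that shows a different host from the real target. The Reply-To header, the visible link text, the 0.85 similarity threshold and all function names are assumptions made for this illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "instaforex.com"  # the legitimate domain named in the article

# Constructed sample modelled on the article's e-mail (Reply-To and link text are assumed).
SAMPLE = """\
From: InstaForex Support <support@instaforex.com>
Reply-To: support@insta-forex.com
Subject: modification protection

<p>Urgent: confirm your trading password at
<a href="http://secure.insta-forex.com/en/withdrawal.aspx">https://secure.instaforex.com/en/withdrawal.aspx</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links: [href, visible text]
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.links.append([dict(attrs)["href"], ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def is_official(host):
    return ("." + host.lower().rstrip(".")).endswith("." + OFFICIAL_DOMAIN)

def is_lookalike(host):
    """True if a parent domain of a non-official host nearly matches the official one."""
    labels = host.lower().rstrip(".").split(".")
    cands = [".".join(labels[i:]).replace("-", "") for i in range(len(labels) - 1)]
    return not is_official(host) and any(
        SequenceMatcher(None, c, OFFICIAL_DOMAIN).ratio() >= 0.85 for c in cands)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw):
    """Return findings for one raw message with a single-part HTML body."""
    msg, findings = message_from_string(raw), []
    # The From address can be forged, so compare it with where replies would go.
    reply = domain_of(msg.get("Reply-To"))
    if reply and reply != domain_of(msg.get("From")):
        findings.append(f"reply-to-mismatch:{reply}")
    parser = LinkCollector()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    for href, text in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""
        if not is_official(host):
            kind = "lookalike" if is_lookalike(host) else "unofficial"
            findings.append(f"{kind}-domain:{host}")
        if url.scheme != "https":
            findings.append(f"not-https:{href}")
        shown = urlsplit(text.strip()).hostname  # host the reader sees in the text
        if shown and shown != host:
            findings.append(f"text-href-mismatch:{shown}->{host}")
    return findings

if __name__ == "__main__":
    print("\n".join(analyse(SAMPLE)))
```

The From header in the sample is the genuine-looking address, which is why none of the findings depend on it alone.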

Follow these simple rules and you will always be able to repel a phishing attack.

Rule #1. Never reply to e-mails, requesting your private data.

Generally the InstaForex support service sends e-mails that address the client personally. Phishers commonly use showy titles like “Warning”, “Urgent”, “Your account was hacked”, “Specially for you!”. This is done to make a victim follow a link immediately.

InstaForex never requests account details or a password via e-mail unless a client has contacted the company first. Even if an e-mail seems legitimate to you, you should not reply to it; it is better to call the company and check. You should also be careful when opening attachments and downloading files from websites.

Rule #2. Visit the company’s websites by entering the URL in the browser’s address bar.

Phishers use domains similar to that of the chosen company. If you follow such a link, you will land on a phishing web page instead of the real company’s site. Typing the address yourself will not give you a full guarantee, but it can save you from some types of attacks.

Rule #3. Regularly check your account statement.

In case of discovering a suspicious transaction, immediately contact the company’s support service.

Rule #4. Check the security level of the site you are visiting.

Before you enter your sensitive data on the company’s site, do some checks to be sure that the company uses cryptographic methods. First of all, check the URL in the address bar. If you visit a secure area (the client and partner cabinets, the account registration page, forms for depositing/withdrawing money and forms for getting bonuses are located in the secure area), the address must begin with https://, not just the usual http://.

Pic. 2. Green color in the address bar indicates the safety of the official InstaForex website.

Secondly, check for the lock icon in the status bar of your browser. You can check the level of cryptographic protection, determined by the number of bits, just by clicking on this icon. The green address bar of the secure area of the InstaForex website indicates a high security level for a client’s data.

Pic. 3. How to check the cryptoprotection level.

Rule #5. Be careful while working with e-mail and confidential data.

Never use the same password for all your online accounts. Never provide your PIN codes and passwords to third parties.

Never open spam e-mails and never reply to them, because doing so gives the sender valuable information: that he has reached a valid e-mail address.

Rely on common sense while reading an e-mail message. If something seems too good to be true, it probably is.

Do not boast about your big profits on forums and in public communities. This information can be of interest to hackers and become a reason for organizing a phishing attack on you.

Rule #6. Protect your computer.

The most effective protection from trojans is antivirus software. Enable anti-phishing filters in your browser. Do not forget to scan your system with an antivirus program from time to time.

Rule #7. Always report any suspicious activity you discover.

If you have received a phishing e-mail, always report this to the company. First of all, the company can confirm if this mailing was approved or not. Secondly, they can warn other clients about a possible threat.

Added by Alexander Kozyrev,
InstaForex technical specialist

A successful trader versus an unlucky fellow

February 25th, 2010

Working 24/5 at the Forex market, it is possible to earn money for several weeks and lose everything in just a few minutes. Absolutely everybody, from a beginner to a professional, has experienced this. Thus, every trader should understand that the risk factor always exists and that you should be ready for anything. A constructive approach, attention and logically sound analysis will help you find correct answers to your questions.

Below, 9 topics are discussed to help traders keep on track.

Fact 1

Traders who mostly engage in intraday and short-term trading can be added to the group of unlucky fellows. But the general reason for all their failures is not that they are under time restrictions, but that they lack good training and a clear-cut plan of action. This type of trading does not forgive a lack of knowledge and education or even momentary mistakes; any misstep can lead to the loss of the deposit. Moreover, such traders often do not have sufficient funds on their trading balance. More successful traders can trade mid-term or long-term.

Conclusion:

From a statistical point of view, mid-term and long-term trades have a greater possibility of profit. The same can be said about the invested funds: the chance of staying in the market depends wholly on the size of the initial capital.

Fact 2

Traders who have no luck often spend much time analyzing where the market will be tomorrow; more successful traders, on the contrary, decide on their actions under the current conditions and build their strategy on these conclusions.

Conclusion:

If a trader can predict the reaction of the crowd, luck will be on his side. The opportunity to increase capital grows considerably if a trader can respond to the irrational buying and selling of the majority with a logical plan of action. Consequently, being a lucky analyst is more difficult than being a lucky trader. An analyst has a more difficult job, as he must forecast the movement of the market and recommend how to get maximum profit, while a successful trader just has to follow the market.

Fact 3

Luckier traders pay attention to the deals that brought a loss and to the risk-to-profit ratio, while the failures concentrate on profitable operations.

Conclusion:

Paying attention to risk is more important than paying attention to profit or losses. Traders who consider trading from a professional viewpoint always take into account how much they can gain and how much they can lose.

Fact 4

As a rule, traders who cannot control their emotions cannot be called lucky. Successful and more experienced traders analyze the market without emotions.

Conclusion:

A trader’s approach can be called neither well-grounded nor logical if positions are opened and closed only on the basis of intuition. But completely ignoring emotions and feelings is also wrong. Sometimes repeated stress can lead to mental disorders; moreover, it is possible to lose general trading skills. The best way is to trace each emotion and afterwards check whether there are still reasons for this or that action.

Fact 5

All inexperienced traders are very concerned about being right, whereas professionals accept emotions but never let them overtake the mind. Successful traders take notice not only of what can bring profit, but also of what can prevent it.

Conclusion:

It is very important always to keep up with events in the market, but one should also separate private life from trading. Heavy pressure causes psychological breakdown and physical fatigue. Trading professionals always react fast to current market events; for them it is just a job that brings income.

Fact 6

Having lost funds in trading, an unsuccessful trader starts buying new books or trading systems and begins working according to them at once, whereas an experienced trader analyzes what happened and corrects his methods in light of the data received. A better trader does not start using a new system at once, but only when he realizes that his old one falls short of his expectations.

Conclusion:

Good traders always keep to their methods, usually using only a few trading strategies.

Fact 7

Traders who have little experience of trading in the market sometimes try to copy the actions of famous traders. Professionals, meanwhile, consider all strategies, including those of famous traders, but use an example only if it fits their style of trading.

Conclusion:

The trader’s personality, his knowledge of the market and his personal trading system are much more important than the achievements of the great market speculators.

Fact 8

Traders with no trading experience in the market often fail to notice many factors that could bring them profit. The sum put to work determines every trader’s profit, and professionals realize this. More money should come into Forex than leave it, and every trader should take this into account.

Conclusion:

All factors, which can influence the profit, should be taken into consideration during the trading.

Fact 9

Generally, all traders who have just started working at Forex, or who constantly miss opportunities to gain profit, take this too close to heart, while more professional traders take it easily. The process of trading brings them pleasure, yet at the same time they take it absolutely seriously.

Conclusion:

Psychiatrists found out that the more serious a man is, the easier he is exposed to illnesses.

Sum up:

Successful traders as well as unlucky ones perceive trading at Forex as a kind of game.

If we compare trading to a game, bowling for example, beginning traders will understand that the strike rate, which professionals achieve with no visible effort, is the result of a long time spent outside the “big game”. As in sport, trading involves a great number of inner and outer factors.

It is necessary to be serious about every conducted operation. The professional traders differ from novices in that the former follow a definite trading strategy; the latter take it as a game.

Added by Olga Vitkovskaya,
InstaForex Clients’ relationship manager

Gap: while we were having a rest

February 17th, 2010

Absolutely every trader has seen a gap on the charts, but what it means and why it occurs is not clear to all. A gap is a price difference that usually occurs on Mondays after the weekend at the Forex market. Forex is a currency exchange that functions 24 hours a day, five days a week.

But currency rates at Forex do not stop moving even on days off. The last ticks of quote changes can be observed on Friday; after that, the rates stop for two days at exactly the position they held at the close of the session on Friday. Traders can detect the difference between the quotes on Friday and on Monday only on Monday. But on days off, Forex still shows changes in currency pairs’ quotes.

There are brokers who show the movement of currency pairs even on days off; trading is nevertheless not carried out, and the gap cannot be seen on the charts. Thus, such a notion as a price gap does not exist at the Forex market. Brokerage companies and dealing centers smooth the quotes on Forex “days off”.

When important news is released, ugly peaks appear on the candlestick charts, and in order to continue normal trading, brokers smooth the quotes. But a question arises: what is the advantage for brokers who make quote purchases even on Forex days off?

Among the generally positive features of gaps is the triggering of pending orders. Consequently, by using automatic trading systems, a trader can achieve the most profitable results. The only signal for trading with automatic advisors at Forex is the receipt of quotes; that is why current quotes should be displayed even on Forex days off.

Added by Alexey Skachilov,
InstaForex Clients’ relationship manager

What is Forex address?

February 13th, 2010

Forex is the market of interbank currency exchange at free prices. The market participants are banks, pension funds, transcontinental corporations and private individuals. The international currency market does not have any strictly regulating system, and requires no direct communication of a seller and a buyer during the transaction conclusion.

At present, the Forex currency market is the largest telecommunication space, working 24 hours a day, five days a week. The address of the international currency market can easily be found on the Internet using a search engine such as Google, Altavista or Yahoo; the only difference is that in every country the Forex market has its own representative office.

Currency trade in electronic format can considerably differ from trade at the interbank level. Network address of Forex system allows conducting deals in electronic format using specialized software.

In order to work at Forex, it is necessary to open a trading account. The Forex account address is available for a trader’s work in the telecommunication system: it is a personal account through which diverse currency operations, as well as withdrawals and deposits of funds, are made.

Many traders organize clubs for exchanging experience; in different cities there are numerous platforms for discussing questions connected with working at Forex. The addresses of such traders’ communities can also easily be found on the Internet. Registering on these resources makes it possible to find quickly and without special effort the required information about working at the international Forex currency market, and answers to all questions that a trader may have during his work in the market.

Countless Internet resources will help you get acquainted with information about Forex. Addresses of Forex educational courses, brokerage companies and support services for remote clients make it easy to get all essential information about the market’s current trading sessions.

If you are a beginning trader, the best and most effective option for you is an educational course. All addresses of educational courses and Banking Schools can also be found on numerous Internet resources. Educational courses, seminars and masterclasses will help you understand the essence of Forex work in detail.

Private investors are able to make all transactions through brokerage companies and dealing centers; to do this, they must enter into an agreement in which personal data are indicated. The international Forex currency market makes it possible for a vast number of traders to conduct numerous deals.

One can also find an answer to absolutely any question about working at Forex by searching the Internet. If you have problems during your work in the market, you should turn to support services, of which there are many on the global net, where you can get a specialist’s consultation.

The Forex market is one of the most dynamically developing and widespread markets on the planet; this makes it possible for traders to work and gain profit.

Added by Ekaterina Kelehsaeva,
InstaForex copywriter

Post and Win with forexfox.nl & InstaForex

February 10th, 2010

The Contests and Campaigns Administration of the international online Forex broker InstaForex Company announces the launch of a new competition for forum users of the Netherlands community web portal www.forexfox.nl, timed to coincide with the opening of the official representative office of InstaForex Company in Amsterdam.

The competition starts on February 15, 2010 and ends on March 15.

According to the contest rules, each registered user of the forum on the portal www.forexfox.nl may take part in the competition. The participants who post the most comments during the contest period will be determined as winners.

At the end of the contest the prize fund in the amount of 1500 Euro will be distributed among eight winners:

  • 1st Place: 350 Euro
  • 2nd Place: 300 Euro
  • 3rd Place: 250 Euro
  • 4th Place: 200 Euro
  • 5th Place: 150 Euro
  • 6th Place: 125 Euro
  • 7th Place: 75 Euro
  • 8th Place: 50 Euro

Prizes will be automatically credited to the winners’ trading accounts with InstaForex Company. If a winner does not have a real trading account, the company will open one with the prize. The prize can be withdrawn only after execution of a certain number of deals.

You can find detailed information about the terms and conditions of the competition on the contest page of the portal www.forexfox.nl. InstaForex Company wishes all contest participants good luck!

Added by Ekaterina Abramova,
InstaForex PR-manager