• Quote of the Day
    "For most people, transformation is slow. It happens without you realizing it."
    Marsha Linehan, posted by Daniel

Libertate

Member
Joined
Jun 25, 2007
Messages
3
Points
1
Although this topic most likely does not directly impact your site, it does fit within "Keeping Your Community Safe".

We often hear requests for ways to access systems from corporate, government or educational networks. Most of these organizations monitor and often block various sites for various reasons.

The most frequently recommended solution is attempt to reach the destination web site through a proxy web site, or non-blocked, in-between site.

This is no longer safe.

Both from my recent experience, and feedback from others, proxy sites are increasingly used for "phishing". Users reaching the proxy web sites presume the information passed back and forth is not saved by the proxy.

This is no longer the case.

Although phishing sites are specialized proxy sites, the new trend is simply to monitor real proxy sites' traffic, and when target web site is accessed through a proxy, log all activity.

These sites are advertised, promoted and show up in search engines as providing proxy and anonymity, intermingled with regular proxy and anonymity sites. There is almost no way for an individual to detect a phishing proxy site, from a non-phishing one.

Beware of proxies and anonymity solutions.

:eek2:
 

Retired

Member
Joined
Aug 17, 2005
Messages
8,965
Points
36
Would you provide a typical scenario as to how a person might be an unsuspecting victim of proxy site phishing?

It is not clear how this concern might apply to me and what measures I need to take to protect myself.
 

David Baxter

Administrator
Joined
Mar 26, 2004
Messages
37,955
Points
113
Thanks for posting this, Libertate.

Steve, here's one scenario. You use a proxy to sign in to this forum. That includes logging in with your member name and password. If the proxy site chooses to intercept your keystrokes, they now have your log-in information.

Or you try to visit a site at work that you don't want people to know about, e.g., pirated software, illegal music downloads, pornography. You try to hide your identity from your employer via a proxy but end up using a credit card or PayPal. That proxy site now has your financial account information.
 

Latest posts


Top Bottom