123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Technology,-Gadget-and-Science >> View Article

Credit Card Phishing Site Found On Sony Thailand Servers

Profile Picture
By Author: Apple Tan
Total Articles: 68
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Sony hasn’t been having a great year as far as security is concerned. After a hack last month and quite a few ever since, it was just two days ago that another exploit was found, bringing all online services down once again. In an already bad week for Sony, F-Secure is now reporting that an actual scam site is hosted on Sony’s Thai domain, sony.co.th.
The hack, which is not connected to Sony's problems with its PlayStation Network, has placed a phishing webpage on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK.

"The phishers are looking for credit card details and logins," said Hypponen.
Two phishing pages mimicked a site for the Italian CartaSi credit card. The first page asked for a username and password, while the second page asked for "additional verification" that included a credit card number, expiration date, and security code. Users were then redirected to an official CartaSi site.
The less savvy users surfing the web may rightly think this is an official partner page as it is hosted on Sony’s site. But the reality ...
... is someone has managed to hack the Sony Thailand server and insert this page without Sony noticing.
Mikko H. Hyppönen, from F-Secure, also stated that this doesn’t necessarily mean that Sony.co.th or Sony.com got hacked, because the sub-domain in question may run on an external party’s server: “I believe thіѕ particular site mіght run οn ѕοmе ad agency’s IP take up. Nevertheless, іt’s under Sony’s name, ѕο technically, іt’s Sony’s server.”
The security researcher came across the Sony website compromise while looking for phishing scams connected with PSN. The page was most likely to have been compromised via SQL injection, or a PHP vulnerability, and is no longer active, Hypponen added.
Phishing is the act of fooling a computer user into submitting personal information by creating a counterfeit website that looks like a real (and trusted) site. It is a hacker technique of "fishing" for passwords and other secret financial info.
To house these official looking websites, hackers often break into lesser-checked web servers to house their false fronts so that it’s more difficult to track them down when the phishing site is uncovered. Sony’s Thai server appears to have been the victim of one of these hacks and, now that it’s been discovered, it can be disabled and cleansed.
Hypponen said that the timing of the hack was unfortunate for Sony, given that it’s PlayStation Network and Qriocity services were coming back online after a major cyber attack that compromised the details of millions of people. "Right now it looks especially bad," said Hypponen. "It's just bad luck and bad timing."
This incident highlights the need for better security systems. The frequency of cyber crime is only going to increase if organizations and companies fail to pay attention to the vulnerabilities of their network security. They need to implement robust internet security initiatives, including hiring highly trained information security experts to avoid cyber crimes and security breaches.
IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals.
CAST will provide advanced technical security training covering topics such as advanced penetration testing training, Digital Mobile Forensics, Cryptography, Advanced Network Defense, and advanced application security training, among others. These highly sought after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres.

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced security training for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing training, malware analysis, advanced social engineering, cryptography, digital forensics deep dive, and web application security training, among others.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).

Total Views: 276Word Count: 761See All articles From Author

Add Comment

Technology, Gadget and Science Articles

1. Why Silent Pods Are Essential For Modern Open-plan Offices?
Author: Silent Pod

2. Innovative Design, Unmatched Quiet: Explore Our New Pods
Author: Silent Pod

3. How Silent Pod Is Revolutionizing Workspaces In The Uae?
Author: Silent Pod

4. Discovering The Advantages Of Various Types Of Silent Pods
Author: Silent Pod

5. Drone Spraying: A Game Changer For Hard-to-reach Vineyards
Author: Alex Wilkinson

6. Comparative Analysis Of Glass Cloth Electrical Tape And Fiberglass Tape For Transformer Insulation
Author: jarod

7. Which Certification Is Best For A Java Full Stack Developer?
Author: Shankar Singh

8. Streamlining Operations With Heavy Equipment Tracking Solutions
Author: Asset Tracker

9. Why Choose Laravel : Explore Its Features & Benefits For Building Web Applications
Author: Rob Stephen

10. Why Your Business Needs An Inventory Management Software Solution
Author: nagaraj

11. What Thickness And Width Options Are Available For Polyimide Tape?
Author: jarod

12. Ứng Dụng Máy In Số Thứ Tự Trong Các điểm Giao Dịch Công
Author: xephangsmart

13. Navigating Challenges And Seizing Opportunities In Tech Development
Author: Yash Tamakuwala

14. Business Process Outsourcing Market Insights: The Impact Of Digital Marketing Strategies
Author: Grand View Research

15. Why Your Business Needs E-invoicing Software For Hassle-free Billing
Author: nagaraj

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: