27 November, 2007

Phishing in Arabic

Here is an interesting email I received last week. Its a phishing attack, but written in Arabic. The irony of this email is I received the attack while presenting at MEITSEC, one of my favorite conferences in the Middle-East. I could not resist the temptation and asked one of my friends there to help translate (I was surrounded by several hundred native Arabic speaking security professionals at the time, talk about timing). Phishing attacks in other languages is not new, but what I thought was interesting was the translation. My friends had a hard time reading the Arabic, it did not make sense to them. Instead, it looked like an email translated through Babblefish. This was most likely done by cyber criminals who do not understand the language. As the bad guys begin to exhaust the English speaking populations I'm sure they will start targeting emerging countries such as the Middle-East. I'm quite sure over time they will polish and improve their attacks on the Arabic community, just as we have seen here in the West.

2 comments:

C.S.Lee(geek00L) said...

Hi Lance,

Good to know you have blog now, and hope for more good reads.

There are even phishing mails in Malay language for quite sometime(it shouldn't be hard to find translators if it is from organizations that running black ops) and I think we will see more in future.

Cheers ;]

Anonymous said...

I'm designing my security layer on the basis ( assumption ) that true criminality elicits a behavioral pattern of avoiding work - to an unknown extent - such that 80% of wasted filtering can be eliminated by forcing both the intruder and the authorized operator to think, several times.

Information of actual value must be protected by hashcode()'s and AES - but as your incident reveals: Most intrusion attempts value no-work.