Phishing Attacks Soar as Scammer Nets Widen
Some of the Web's most prolific organized online criminals are starting to step up the frequency and sophistication of phishing attacks, targeting commercial banks, job hunting sites and data brokers, Security Fix has learned.
Typically, phishing scams involve phony e-mails and counterfeit bank Web sites that try to lure unsuspecting users into disclosing user names and passwords. Lately, however, some of the more technically advanced phishing groups have started shifting their sights to higher-dollar targets.
The source of this latest twist in phishing is known as "Rock Phish." These attacks generally involve techniques to avoid new anti-phishing measures. Both the Firefox and Internet Explorer Web browsers include features that alert users if they try to visit a site that has been flagged by security experts. Rock Phish attacks are designed to thwart this "blacklisting" approach by generating multiple, unique Web addresses for each attack, thus making it easier for them to evade phish filters.
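As an added illustration that is not part of the original post, the Python below shows why an exact-URL blacklist loses coverage once each sighting carries a fresh hostname label and query id, and how normalising sightings to a campaign signature (registrable domain plus path skeleton) recovers it. All hostnames and URLs are constructed samples on reserved example TLDs.

```python
"""Exact-match blacklisting versus signature matching of phishing URLs.
All URLs below are constructed samples; none refer to a real site."""
import re
from urllib.parse import urlsplit

# Constructed exact-URL blacklist, the kind a browser phish filter ships.
BLACKLIST = {
    "http://a1b2.login-update.example/bank/index.php?id=7",
}

# Constructed feed of later sightings: same kit and path, but each one
# has a different random host label and numeric id, so exact matching
# only ever catches the single URL that was reported.
SIGHTINGS = [
    "http://a1b2.login-update.example/bank/index.php?id=7",
    "http://x9y8.login-update.example/bank/index.php?id=4412",
    "http://qq77.login-update.example/bank/index.php?id=19",
    "http://www.legit-bank.example/online/login",  # benign, must not match
]


def exact_hits(urls):
    """Sightings caught by exact string comparison against the blacklist."""
    return [u for u in urls if u in BLACKLIST]


def normalise(url):
    """Collapse a URL to a campaign signature: the last two host labels
    (a stand-in for the registrable domain; a real filter would consult a
    public-suffix list) plus the path with every digit run replaced by '#'.
    The query string is dropped because per-victim ids live there."""
    parts = urlsplit(url)
    labels = parts.hostname.split(".")
    domain = ".".join(labels[-2:])
    path = re.sub(r"\d+", "#", parts.path)
    return f"{domain}{path}"


NORMALISED_BLACKLIST = {normalise(u) for u in BLACKLIST}


def normalised_hits(urls):
    """Sightings caught once both sides are reduced to a campaign signature."""
    return [u for u in urls if normalise(u) in NORMALISED_BLACKLIST]
```

Running the two matchers over the same feed shows exact matching catching one of the three kit URLs while signature matching catches all three and leaves the benign URL alone.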
The Rock Phish attackers are thought to have pioneered the use of images to bypass spam filters that flag scam and junk e-mails based mainly upon telltale text. The prevailing theory is that whoever is responsible for these highly efficient phishing attacks is making tens of millions of dollars through their efforts and may not take kindly to someone interfering with that income.
No one really knows who's behind these attacks, but sources who spoke with Security Fix suggested that transnational organized criminal groups are likely involved. That explains why some of my best sources steadfastly refuse to talk about Rock Phish scams on the record, out of a stated fear for their physical security.
Rock Phish attacks are behind the spike in overall phishing attacks recorded by security monitoring firms. The Anti-Phishing Working Group, an industry consortium, said that in April it recorded the highest number of phishing sites ever reported -- 55,000, nearly 20,000 more than the previous record high logged in October 2006. The spike, it said, was due principally to the proliferation of phishing sites erected by Rock Phish attacks.
Phishtank.com, an open source anti-phishing community, recorded its highest ever number of new phishing sites last month as well -- 77,700. According to the Phishtank blog, close to 90 percent of the new reported phishing sites are generated by Rock Phish attacks.
So what organizations are being targeted by these attacks? MarkMonitor, an anti-phishing company that specializes in disabling phishing sites before they can do much damage, wouldn't say -- its client list is kept private. But Te Smith, MarkMonitor's vice president of communications, said that over the past two months the company has tracked a 100 percent increase in Rock Phish-style attacks against commercial banks, the kind that cater to comptrollers and accounts that businesses routinely use to transfer large sums of money.
Smith said the new Rock Phish attacks "are trying to intercept credentials of people who have access to online services that provide very detailed credit and consumer data." In addition to targeting data brokers, Smith said, the Rock Phish scams also are going after commercial banks, those that service large and medium-sized businesses, in part because those institutions' thresholds for detecting fraud are higher than with consumer banks.
"These [types of customers] are as a matter of course transferring more money, and red flags don't rise as early when large sums transfer," Smith said.
Working with a couple of the aforementioned reticent sources, Security Fix was able to identify a few Rock Phish targets. Perhaps the most disturbing target was Accurint, a division of consumer data gathering giant LexisNexis that provides highly detailed consumer records to law enforcement agencies. Armed with the credentials for an Accurint account, there is virtually no limit to the amount of information criminals could gather about consumers, including Social Security numbers, former addresses, maiden names, and so on. Prominent on the Accurint home page is an alert warning users never to click or follow links to Accurint from e-mail messages.
Another target recently folded into the Rock Phish attack stable is job search giant CareerBuilder.com. Job-search sites are attractive because many applicants list all kinds of personal data on their resumes, including Social Security numbers and previous addresses. In fact, the image to the left is a screen shot of a fake Careerbuilder.com site employed in a Rock Phish attack that is live as of press time.
Careerbuilder.com spokesperson Jenny Sullivan said the company takes fraud attacks very seriously and that it is working with the FBI and other organizations to track down the authors of the phishing attacks. The company also includes on every job posting tips to help users avoid e-scams or becoming victims of fraud.
May 24, 2007; 5:20 PM ET
Categories: Fraud , From the Bunker , Latest Warnings , Safety Tips