Security researchers are reporting a new brand of phishing attack that attempts to use stolen consumer data to rip off individual account holders at specific banks.
Workers at hosted security services company Cyota are sharing the details of this more sophisticated form of phishing threat, which forsakes the mass-targeting approach traditionally used in the fraud schemes in favor of taking aim at individual consumers. The security company would not disclose the names of the banks involved in the attacks, but said that its list includes some of the largest financial-services companies in the nation.
According to Cyota, the phishing e-mails arrive at bank customers' in-boxes featuring accurate account information, including the customer's name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification.
Phishing is a form of online fraud that has exploded in frequency over the last several years. Typically using large-volume e-mail campaigns, phishers try to trick people into sharing personal information that the thieves then sell or use to commit identity theft. The new breed of attack, however, could have a higher success rate because the e-mails present unsuspecting recipients with accurate information in a document that looks like legitimate bank correspondence.
Cyota co-founder Amir Orad said he believes that the criminals responsible for the personalized phishing attacks have purchased stolen consumer data from other individuals and are trying to get information that's even more sensitive to sell to someone else at a premium.
"The attacks take advantage of poor technological defenses and continued consumer vulnerability, and evidence the work of an organized group with real research-and-development resources," Orad said. "So far, the success rates that we've seen are amazing. People are expecting to see a crude attack that tries to steal their information; they're not expecting to see this much real information as part of the attack."
Orad said that Cyota has already taken down several sites related to the personalized phishing schemes, but indicated that many more such sites have appeared since. The company is advising consumers to avoid sharing any financial information online without first verifying that a request for such data was sent for legitimate purposes.
In another recent development, the March phishing trends report released by the Anti-Phishing Working Group found that the attacks are increasingly relying on so-called keystroke loggers, a form of malicious program, to garner consumer information. Rather than trying to direct people to fake Web sites that ask for personal information, keystroke phishers capture login names and passwords for online bank accounts when customers access the accounts via computer. The keystroke logger programs then forward that information to the attackers.
The banks need to stop authenticating based on static data. how many more millions will people have to loose before they take action. Lower cost solutions are coming out now, that even make it extremely affordable. Like this one.
...to do what's right and protect us, the consumer. They're only gonna protect their bottom lines. It's gonna take lawsuits to make the comparison (and alternatives) cheaper.
Apple says it's got a third-party group looking for issues at manufacturing partners it uses. Read CNET's FAQ to find out how we got here and what the next steps are.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
<a class="jive-link-external" href="http://www.techmobius.com/tm/UI/Pages/P/IndustrySls/CardSolutions/index.aspx" target="_newWindow">http://www.techmobius.com/tm/UI/Pages/P/IndustrySls/CardSolutions/index.aspx</a>
<a class="jive-link-external" href="http://www.schneier.com/blog/archives/2005/03/the_failure_of.html" target="_newWindow">http://www.schneier.com/blog/archives/2005/03/the_failure_of.html</a>