Great Strides in Phishing
Earlier this month, Security Fix called attention to a phishing scam where bad guys were making use of the real Amazon.com Web site to trick people into entering personal information at a fake Amazon site they created.
Now fraud investigators at RSA Security Inc. report that a simple, point-and-click tool is being sold in the hacker underground, designed to help criminals automate the construction of more scam sites that use this same sophisticated approach.
What made the Amazon phishing site that I wrote about so unusual was that it relied on a so-called man-in-the-middle attack, in which the fraudsters' fake site passes victim-supplied login credentials to the targeted institution's site on the user's behalf. The data passed to the legitimate site is stored or e-mailed to some free Webmail account set up by the fraudsters, and the victim is then typically handed off to the targeted institution's site.
This is a tactic used to make the fraudulent site appear more authentic: I've heard far too many people say they can tell whether a site is legit or not simply by entering completely made up or gibberish user names and passwords at a suspected phishing site. The reasoning here: "If this site is fake, it will accept my bogus login information, but if it tells me that the account information doesn't exist or is incorrect, then it must be the real thing." Obviously, the man-in-the-middle phishing method shows the folly of that line of thinking.
The phishing automation tool discovered by RSA is installable software that automates the creation of man-in-the-middle attacks so that any novice can set them up, and do so quickly. Using this tool, a criminal no longer has to buy or create custom phishing kits for a targeted organization. Also, the scam artist can intercept any data that is sent back and forth between the customer and the institution for as long as the victim is logged into his or her account.
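Because a relay-style phishing site forwards every login attempt, including bogus ones, to the real institution, the institution's own login log is one of the few places where the attack leaves a trace: many different customers suddenly authenticate from the single IP address of the relay server. The following is an added example, not code from this post or from RSA, showing one way a defender could scan a login log for that pattern. It assumes a constructed log format of `<ISO timestamp> <client IP> <username> <OK|FAIL> <referer>`, an assumed legitimate host `www.example-bank.test`, and sample log lines that are constructed for illustration.

```python
"""Spot relay-style (man-in-the-middle) phishing in a login log.

Added example, not code from the post or from RSA. Assumed log line format:
"<ISO timestamp> <client IP> <username> <OK|FAIL> <referer>".
EXPECTED_HOST is an assumed name for the institution's real login page.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

EXPECTED_HOST = "www.example-bank.test"   # assumed legitimate login host

# Constructed sample log. 203.0.113.10 plays the role of a relay server that
# forwards many victims' logins (successful and failed alike) to the real site.
CONSTRUCTED_LOG = """\
2007-01-17T13:50:02 198.51.100.7 alice OK https://www.example-bank.test/login
2007-01-17T13:51:10 198.51.100.8 bob FAIL https://www.example-bank.test/login
2007-01-17T13:52:00 203.0.113.10 carol OK https://www.example-bank.test/login
2007-01-17T13:52:30 203.0.113.10 dave FAIL https://www.example-bank.test/login
2007-01-17T13:53:05 203.0.113.10 erin OK https://www.example-bank.test/login
2007-01-17T13:53:40 203.0.113.10 frank OK http://secure-login.example-phish.test/amazon/
2007-01-17T13:54:12 203.0.113.10 grace OK https://www.example-bank.test/login
2007-01-17T14:30:00 203.0.113.10 heidi OK https://www.example-bank.test/login
"""


def parse_line(line):
    """Split one log line into a dict; the referer is the last field."""
    ts, ip, user, outcome, referer = line.split(" ", 4)
    return {"ts": datetime.fromisoformat(ts), "ip": ip, "user": user,
            "outcome": outcome, "referer": referer}


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def referer_mismatches(events, expected_host=EXPECTED_HOST):
    """Logins whose Referer names a host other than our own login page.

    A weak signal: a relay can rewrite the header, so absence of a mismatch
    proves nothing, but a foreign Referer on a login POST is worth a look.
    """
    return [e for e in events
            if urlparse(e["referer"]).hostname != expected_host]


def relay_candidates(events, window=timedelta(minutes=10), min_users=5):
    """Source IPs that logged in as >= min_users distinct accounts within `window`.

    Failed attempts count too: a relay forwards a victim's bogus "test"
    password just like a real one, which is exactly why the gibberish-password
    test described in the post does not expose this kind of site.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        recent = []  # sliding window of (timestamp, username)
        for e in evs:
            recent.append((e["ts"], e["user"]))
            recent = [(t, u) for t, u in recent if e["ts"] - t <= window]
            distinct = {u for _, u in recent}
            if len(distinct) >= min_users:
                flagged[ip] = sorted(distinct)
                break
    return flagged


if __name__ == "__main__":
    evs = parse_log(CONSTRUCTED_LOG)
    print("relay candidates:", relay_candidates(evs))
    print("foreign referers:", [e["user"] for e in referer_mismatches(evs)])
```

The thresholds (five distinct accounts in ten minutes) are placeholders; a real deployment would tune them against NAT gateways and corporate proxies that legitimately carry many users, and would pair the IP signal with the ability to invalidate sessions created from a flagged address, since the post notes the attacker can keep reading traffic for as long as the victim stays logged in.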
I checked with a couple of reliable sources, and they said this simple software tool is indeed being sold on various shadowy online forums, apparently under the unassuming title "scams and fakes creation tool." It is being sold for about $1,000, a hefty price -- roughly five to ten times the amount that most phishing kits fetch on the Internet black market. However, the inflated price makes sense if you consider that the kit offers the ability to create more effective and convincing phishing sites targeting multiple institutions in a very short period of time, said Marc Gaffan, director of marketing at RSA's consumer division.
"This thing absolutely increases the scalability [of phishing attacks] and the vulnerability of smaller companies, particularly non-financial institutions [and] retail institutions that are more gearing toward credit card fraud," Gaffan said.
As of last Tuesday, Gaffan said RSA had spotted fewer than a dozen sites generated by the new tool. Still, scammers are always looking for greater automation tools. Given some of the sophistication that is being built into online fraud tools these days, it's probably safe to assume that we will see this type of phishing attack become the norm very soon.
Posted by: Mike Wyman | January 17, 2007 1:52 PM | Report abuse