Frudulent phishing scams on the increase
December 10, 2004
Daily headlines in the on-going fight against phishing scams is increasing. Additionally, there are new threats that underscore the need for for even more vigilance on the anti-phishing sector.
Seeking swifter action against fast-moving phishing scams, some of the Internet's best-known service providers announced plans to share phishing attack data with one another and law enforcement agencies through Digital Phishnet.
But even as this anti-phishing dream tream was being unveiled, security researchers revealed a security hole that makes it easier for phishing operations to inject content into legitimate web sites.
Leasing links to your website will boost your search engine visibility
Secunia documented a cross-browser security flaw that is likely to be rapidly adopted by phishing operations. The technique uses a specially-crafted link to a legitimate website, which then enables the scammer to place content into pop-up windows opened during the session - including data collection forms that spoof the design of the legitimate site.
Since working code was visible in the HTML source of Secunia's demonstration, it won't be long before phishing operations test the attack. Phishing scams have shown the ability to adapt new exploits within days of their publication, and have recently begun using templates, toolkits and automation to expand their repertoire of attacks and servers.
Phishing attacks seek to trick account holders into divulging sensitive account information through the use of e-mails which appear to come from trusted financial institutions and retailers.
The ability to work quickly is central to the success of phishing enterprises, which make their money in a short window of time that begins when their emails arrive in inboxes and ends when their server or domain name is shut down by providers.
Digital Phishnet is designed to accelerate the industry response to phishing, with founding members including Microsoft, America Online, Earthlink, VeriSign, Network Solutions, Lycos and Digital River, who will join forces with the FBI, Secret Service, Postal Inspection Service and Federal Trade Commission.
The aim is to create "a single, unified line of communication between industry and law enforcement, so critical data to fight phishing can be compiled and provided to law enforcement in real time," according to a press release announcing the effort.
"The key to stopping phishers and bringing them to justice is to identify and target them quickly," said Dan Larkin, unit chief at the FBI's Internet Crime Complaint Center (IC3). "Phishers create and dismantle these phony sites very, very fast, stockpiling credit card numbers, passcodes and other personal financial information over the course of just a couple of days, in order to avoid detection."
Phishing attacks have surged in recent weeks, according to the Anti-Phishing Working Group (APWG), which documented 6,597 new, unique phishing email messages in October, more than three times the 2,158 seen in August.
The scams have become more sophisticated as well, including a cross-site scripting attack in which scammers manipulated a bank's own web page to try and collect sensitive customer data.
Register your domain name for just $5.99 for a whole year.
"The type of sophistication we've seen in recent phishing scams requires an equally strong and sophisticated response," said Dave Alampi, vice president of marketing for Digital River, a major provider of e-commerce services. "By collaborating with other industry leaders, particularly in the technology world, and incorporating a substantial law enforcement component, we believe we can more effectively raise awareness and reduce this threat for Internet users."
"Hackers who launch phishing attacks are formidable opponents and therefore demand a serious and concerted response from the industry, said Judy Lin, executive vice president for VeriSign.
Nancy Anderson, vice president and deputy general counsel for Microsoft, called the new effort "an aggressive and offensive attack against these cybercriminals and one that will make their lives much more difficult."
Source: C-Net News
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing