New "universal" phishing threat looms
By Rene Millman
A new generation of phishing attacks is about to be unleashed on the internet, according to information unearthed by a security company.
Encryption company RSA discovered a "universal" phishing kit that can be easily configured by phishing gangs to target new victims quickly.
Fraudsters who want to start a phishing attack do not have to purchase or prepare a bespoke phishing kit for each target. Once criminals possess the kit, the attack can be configured to "import" pages from any target website.
The company's Anti-Fraud Command Center (AFCC) discovered the new form of attack. Unlike standard phishing attacks, which collect only specific requested data (typically login and card-related credentials), this attack is also designed to intercept any type of credentials submitted to the site after the victim has logged into their account.
Using the universal phishing kit, the fraudster creates a fake URL via a simple interface. This web link acts as a "man-in-the-middle" and communicates in real time with the legitimate website of the targeted organisation, which could be a bank, an e-commerce site or any other such business transacting with its users online.
The victim receives a normal-looking phishing email and, on clicking the link, is directed to the fake site. The victim then interacts with genuine content from the legitimate website, which has been "imported" by the attack into the phishing URL, giving the fraudster seamless, invisible and immediate access to the victim's personal information.
Experts warned this type of attack could become commonplace over the next year.
"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Marc Gaffan, director of marketing, Consumer Solutions at RSA.
"While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12-18 months," he said.