July 30, 2010


New Phishing Tool Lets Fraudsters Harvest Data From Legitimate Sites

(January 10, 2007) RSA Security Inc. on Wednesday announced its analysts had discovered a powerful new phishing tool fraudsters are selling via online forums and using to hoodwink consumers. The tool, which RSA calls a “universal man-in-the-middle phishing kit,” allows phishers to set up a URL that can interact in real time with the actual content of the Web site of a targeted brand, such as a bank or e-commerce site. In this way, the fraudsters can intercept any data consumers may enter at the log-in or checkout pages of these sites. They then send out phishing e-mails embedded with links that send recipients to the fake URL, where the user can see an organization’s legitimate Web site but where any information he enters will be hijacked by the fraudsters as he types it.

The new tool is especially insidious, says RSA, because of its all-purpose nature. Fraudsters can use it to target any Web site without having to customize or create a tool for each brand. Also, the tool collects all data users enter, including all information the user types in after logging in. Typically, phishing attacks gather only data they request, usually passwords, PINs, or credit and debit card account numbers.

RSA says analysts at its Anti-Fraud Command Center (AFCC) monitor an online forum used by phishers, where they discovered the tool being offered for sale. The analysts have “researched and analyzed” a demo version that was offered on the forum in a free trial, the company says.

RSA said it is working with clients to fend off the new tactic. “While these types of attacks are still considered ‘next generation,’ we expect them to become widespread over the course of the next 12 to 18 months,” said Marc Gaffan, director of marketing for consumer solutions at the Bedford, Mass.-based unit of EMC Corp., in a statement.

The kit is the latest evidence of stepped-up efforts by phishers to con unwary online users and thwart anti-fraud measures. Last month, the Anti-Phishing Working Group, which tracks phishing, reported a surge in spoofed sites as fraudsters created multiple subdomains to foil computer filters, like those embedded in browser toolbars, that detect known phishing sites and flash warnings to users (Digital Transactions News, December 12, 2006). The number of fake sites soared to 37,444 in October, up nearly nine-fold from October 2005. The volume of reported phishing attacks, the group said, hit 26,877, up 21% from September.









Copyright 2010 by Boland Hill Media LLC. All the text, graphics, audio, design, software, and other works are
the copyrighted works of Boland Hill Media LLC. All rights reserved. Any redistribution or reproduction of any
materials herein is strictly prohibited.