Friday, March 29, 2024

Phishers Grow Bolder, More Inventive, in Stealing Online Data

Fraudsters sent out fewer phishing e-mail campaigns in September, but they operated from more Web sites, launched several opportunistic campaigns, including ones designed to steal donations intended for Hurricane Katrina victims, and became even more inventive in their use of keyloggers and other malware.

The number of unique phishing reports received by the Anti-Phishing Working Group declined for the third straight month in September, to 13,562 from 13,776 in August, according to the APWG's latest report (these refer to unique e-mail campaigns, which may involve millions of messages, conducted by phishers). But the group, a consortium of software vendors, payments networks, and law-enforcement agencies, says the number of Web sites operating phishing schemes hit 5,242, second only to the record number set in August and nearly five times the number detected a year ago.

Worse, fraudsters are using more insidiously sophisticated malware in their attacks. Overall, while the number of unique variants on keyloggers (the script that “listens” for and steals confidential information as victims are entering it) declined to 142 from 168, the report says the number of sites hosting such trojans grew to 965, up from 958 in August. This is double the number of such sites in May.

Further, the APWG report says phishing criminals are now using larger and more sophisticated programs, written in Visual Basic, that lure Internet users into entering data into graphical-user interfaces. One example the report cites involved a bogus e-mail phishers sent to users of America Online telling the customers the Internet service had sustained a security breach that could compromise their data. The fraudulent e-mail contained a link to visit a Web site to download a patch that would “protect” their information. What users actually downloaded was malware written in Visual Basic. This script included a wizard that guided users through entering such data as account and billing information, including account limits.

Phishers also exploited several natural disasters in September, including Hurricane Katrina. In one example, criminals e-mailed partial news reports about the storm as it was developing, with links to the full news story. When users clicked on the link, they downloaded a trojan that then released a second application that gave the phishers control of the user's machine. In another example, phishers used e-mails and Web sites tricked out to look like those of the Red Cross to capture credit card numbers, expiration dates, and PINs to divert donations into their own coffers.


Digital Transactions