Phishing tool constructs new sites in two seconds
With the recently discovered "plug and play" phishing kit, a relatively "non-technical" person with the right information could launch a phishing attack against any financial institution. "This new phishing kit reduces the barrier. No technical expertise is needed by the phisher, and it is far less risky as the remote host is only accessed once," said Marc Gaffan, director of marketing with RSA's consumer solutions group.
The code contains all of the HTML (Hypertext Markup Language) and graphics needed for the fraudulent Web site, which spoofed an unnamed financial institution according to the report. This means the hacker did not have to repeatedly access the compromised server to upload graphics or other code for the site, potentially reducing the chance of the computer's security software or network software detecting something.
There is more bad news for financial institutions. According to the report, there were 36 new entities attacked in the month, and the majority of them were financial institutions. "The others who were attacked, were payment oriented sites, or have access to customer credentials," Gaffan noted.
The trends RSA sees in the type of bank or credit union being attacked is the further penetration to smaller, regional banks and credit unions. "Looking at these numbers, the absolute case in the last two years, it was the nation wide banks, the top ten US banks, the phishers were attacking them in large numbers."
They are now targeting an increasing number of small credit unions, with smaller pools of members and getting a small percentage of bites.
Eagleye offers a revolutionary breakthrough to protect websites from phishing, spear phishing, pharming, and identity fraud. Eagleye adds an entirely new security layer to detect the real identity of visitors to a website.
Learn more about Eagleye
RSA Monthly Online Fraud Report: June 2007