Language Selection

English French German Italian Portuguese Spanish

New phishing attack uses real ID hooks

Filed under
Security

Workers at hosted security services company Cyota are sharing the details of this more sophisticated form of phishing threat, which forsakes the mass-targeting approach traditionally used in the fraud schemes in favor of taking aim at individual consumers. The security company would not disclose the names of the banks involved in the attacks, but said that its list includes some of the largest financial-services companies in the nation.

According to Cyota, the phishing e-mails arrive at bank customers' in-boxes featuring accurate account information, including the customer's name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification.

Phishing is a form of online fraud that has exploded in frequency over the last several years. Typically using large-volume e-mail campaigns, phishers try to trick people into sharing personal information that the thieves then sell or use to commit identity theft. The new breed of attack, however, could have a higher success rate because the e-mails present unsuspecting recipients with accurate information in a document that looks like legitimate bank correspondence.

Cyota co-founder Amir Orad said he believes that the criminals responsible for the personalized phishing attacks have purchased stolen consumer data from other individuals and are trying to get information that's even more sensitive to sell to someone else at a premium.

"The attacks take advantage of poor technological defenses and continued consumer vulnerability, and evidence the work of an organized group with real research-and-development resources," Orad said. "So far, the success rates that we've seen are amazing. People are expecting to see a crude attack that tries to steal their information; they're not expecting to see this much real information as part of the attack."

Full Story.

More in Tux Machines

Linux Devices

  • MediaTek Announces An Interesting Deca-Core ARM Dev Board
    The folks at MediaTek in Hsinchu announced the Helio X20 Development Board today as the first development board using a tri-cluster, deca-core design. As implied by the name, this developer board is using the Helio X20 SoC, which features a tri-cluster CPU architecture and ten processing cores: two Cortex-A72 at 2.3GHz, four Cortex-A53 cores @ 2.0GHz, and four Cortex-A53 cores at 1.4GHz. Depending upon system load, the relevant/needed cores will power up. The X20 uses ARM's Mali graphics, supports 2 x LPDDR3 POP memory, and has integrated 802.11ac WiFi.
  • Voice control your embedded systems with 20 lines of software code
    Speech recognition software technology provider Sensory is offering TrulyHandsfree SDK to embed voice enabled functions in your embedded systems software. TrulyHandsfree SDK supports fixed triggers, user enrolled triggers and commands phrase spotting technology.
  • No SSD Storage On Raspberry Pi 3? Try MinnowMax Turbot Board
    The fact that you can not use an SSD storage device with the Raspberry Pi is a huge drawback. Devices that use the Raspberry pie consume a lot of storage. Devices like drones etc could use the onboard SSD storage. Too bad that the Raspberry pi 3 does not support it. But no worries have you head of the MinnowMax Turbot board?

Server Administration

  • Why Container Skills Aren't a Priority in Hiring Open Source Pros (Yet)
    It should come as no surprise that open source training and hiring is typically predicated on what skills are trending in tech. As an example, Big Data, cloud and security are three of the most in-demand skillsets today, which explains why more and more open source professionals look to develop these particular skillsets and why these professionals are amongst the most sought after. One skillset that employers have not found as useful as professionals is container management.
  • All Hail the New Docker Swarm
    Unfortunately, I’m not able to attend DockerCon US this year, but I will be keeping up with the announcements. As part of the Docker Captains program, I was given a preview of Docker 1.12 including the new Swarm integration which is Docker’s native clustering/orchestration solution (also known as SwarmKit, but that’s really the repo/library name). And it’s certainly a big change. In this post I’ll try to highlight the changes and why they’re important.
  • Apache Spark Creator Matei Zaharia Describes Structured Streaming in Spark 2.0 [Video]
    Apache Spark has been an integral part of Mesos from its inception. Spark is one of the most widely used big data processing systems for clusters. Matei Zaharia, the CTO of Databricks and creator of Spark, talked about Spark's advanced data analysis power and new features in its upcoming 2.0 release in his MesosCon 2016 keynote.

The heartbeat of open source projects can be heard with GitHub data

GitHub released charts last week that tell a story about the heartbeat of a few open source, giving insights into activity, productivity and collaboration of software development. Why are these important? Enterprises increasingly define software development as a top priority to gain competitive advantage or defend against disruption. They often turn to open source software because it is fast and agile. Enterprise IT decision makers should understand GitHub because it is the backbone of most open source projects. Read more

Linux Foundation Certified System Administrator: Lorenzo Paglia

The Linux Foundation offers many resources for developers, users, and administrators of Linux systems, including its Linux Certification Program. This program is designed to give you a way to differentiate yourself in a job market that's hungry for your skills. To illustrate how well these certifications prepare you for the real world, this series features some of those who have recently passed the certification exams. These testimonials should help you decide if either the Linux Foundation Certified System Administrator (LFCS) or the Linux Foundation Certified Engineer (LFCE) certification is right for you. In this installment, we talk with LFCS Lorenzo Paglia. Read more