Language Selection

English French German Italian Portuguese Spanish

New phishing attack uses real ID hooks

Filed under
Security

Workers at hosted security services company Cyota are sharing the details of this more sophisticated form of phishing threat, which forsakes the mass-targeting approach traditionally used in the fraud schemes in favor of taking aim at individual consumers. The security company would not disclose the names of the banks involved in the attacks, but said that its list includes some of the largest financial-services companies in the nation.

According to Cyota, the phishing e-mails arrive at bank customers' in-boxes featuring accurate account information, including the customer's name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification.

Phishing is a form of online fraud that has exploded in frequency over the last several years. Typically using large-volume e-mail campaigns, phishers try to trick people into sharing personal information that the thieves then sell or use to commit identity theft. The new breed of attack, however, could have a higher success rate because the e-mails present unsuspecting recipients with accurate information in a document that looks like legitimate bank correspondence.

Cyota co-founder Amir Orad said he believes that the criminals responsible for the personalized phishing attacks have purchased stolen consumer data from other individuals and are trying to get information that's even more sensitive to sell to someone else at a premium.

"The attacks take advantage of poor technological defenses and continued consumer vulnerability, and evidence the work of an organized group with real research-and-development resources," Orad said. "So far, the success rates that we've seen are amazing. People are expecting to see a crude attack that tries to steal their information; they're not expecting to see this much real information as part of the attack."

Full Story.

More in Tux Machines

today's howtos

Leftovers: Gaming

Fedora 21 Alpha to release on Tuesday

Today the Fedora Engineering Steering Commitee held a “Go/No Go” meeting regarding the Fedora 21 alpha, and it was agreed that the current release candidates for Fedora 21 met the release criteria. With this decision, this means that Fedora 21 will be released on Tuesday September 23, 2014. Read more

Teaching open source changed my life

Teaching open source has been a breath of fresh air for myself and for many of our students because with the open source way, there are no official tests. There is no official certification for the majority of open source projects. And, there are no prescribed textbooks. In open source, no employer worth working for will ask for official proof of your abilities. A good employer will look at what you’ve done and ask you to showcase what you can do. Yes, it still helps to have a Computer Science degree, but the lack of one is often no drawback. Read more