Language Selection

English French German Italian Portuguese Spanish

New phishing attack uses real ID hooks

Filed under
Security

Workers at hosted security services company Cyota are sharing the details of this more sophisticated form of phishing threat, which forsakes the mass-targeting approach traditionally used in the fraud schemes in favor of taking aim at individual consumers. The security company would not disclose the names of the banks involved in the attacks, but said that its list includes some of the largest financial-services companies in the nation.

According to Cyota, the phishing e-mails arrive at bank customers' in-boxes featuring accurate account information, including the customer's name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification.

Phishing is a form of online fraud that has exploded in frequency over the last several years. Typically using large-volume e-mail campaigns, phishers try to trick people into sharing personal information that the thieves then sell or use to commit identity theft. The new breed of attack, however, could have a higher success rate because the e-mails present unsuspecting recipients with accurate information in a document that looks like legitimate bank correspondence.

Cyota co-founder Amir Orad said he believes that the criminals responsible for the personalized phishing attacks have purchased stolen consumer data from other individuals and are trying to get information that's even more sensitive to sell to someone else at a premium.

"The attacks take advantage of poor technological defenses and continued consumer vulnerability, and evidence the work of an organized group with real research-and-development resources," Orad said. "So far, the success rates that we've seen are amazing. People are expecting to see a crude attack that tries to steal their information; they're not expecting to see this much real information as part of the attack."

Full Story.

More in Tux Machines

Open source increase in Swiss public administration

Switzerland’s public administrations are increasingly turning to using open source, according to the country’s IT trade group SwissICT and the open source advocacy group /ch/open. Like in 2012, the two groups have surveyed public administrations and companies in the country. They notice a “high increase in the use of open source software.” Read more

Tails 1.4 RC1 Anonymous Live CD Uses Tor Browser 4.5 and Debian 8 Jessie Sources

The Tails development team announced the immediate availability for download and testing of the first Release Candidate (RC) version of the upcoming Tails 1.4 amnesic incognito Live CD distribution that has been used by Edward Snowden to stay invisible online and browse websites anonymously. Read more

Linux Kernel 4.0 Arrives in openSUSE, KDE Plasma 5.3 and GCC 5.0 Coming Up Next

The openSUSE development team, through Dominique Leuenberger, had the pleasure of informing openSUSE users about what happened last week on Tumbleweed, the rolling-release branch of the openSUSE Linux operating system. Read more

Helsinki to prefer open source IT solutions

The city administration of Helsinki (Finland) will prefer open source software solutions for new IT solutions. The city council on 13 April adopted a new IT strategy, emphasising a preference for open source, especially when developing or commissioning the development of software solutions. Read more