Could Phishing Expeditions Stop Cold with Deeper Insight?
Easy Solutions, a fraud protection company, recently did some research into phishing attacks against a Top 25 US Bank during a three-month period. From September of 2015 until December, it seems these “phishermen” were quite busy. What’s most alarming is that these attacks were done during a season that leaves us most vulnerable to attack and where many of us won’t even realize that have been a victim until much later on.
During such a busy time in commerce, many of us won’t even know we were victims until much later down the road. This next bit of information might tell us why.
Easy Solutions broke down over 3,030 cases at just that one bank. What’s most interesting about this finding is that in each case, the common denominator was that each instance targeted around 190 people on average.
If we factor in how many banks there are – not just in the United States, but all over the world – and consider that this is a yearlong plague, we start to see the bigger picture.
Easy Solutions grouped the attacks into three main categories. Parameters were based on how sites were created as well as whether or not the domains are registered – including the domain provider and the location of each server.
The company decided that many of these sites were created as traps, only meant to serve a few stragglers at a time. These people would accidently stumble upon the site or be directed there through some other devious means. And, it has been proving successful.
Each group of sites were then broken down. Location was a big factor in the next step of the process. Other factors were Whois information, the types of phishkits used and the strategy for getting people to the site.
Daniel Ingevaldson, CTO of Easy Solutions, states, “When institutions can more effectively characterize their attackers, they can then more successfully combat phishing attacks – by tuning consumer education campaigns, changing web site countermeasures, or adjusting risk scoring during phishing campaigns.”
Armed with new information, consumers can better differentiate between a genuine source and a scam. They will know which sites to stay away from, and gain confidence in those that they trust.
In a day where we are including our entire business on a cloud platform, there are still many that refuse to use their credit card online for these purposes. Institutions, such as the IRS, PayPal (News - Alert) and Bank of America, are repeat victims of fraud. Customers and those who aren’t even affiliated with the organizations are often tricked through scare tactics and extortion strategies.
By understanding the source, it’s easier to shut fraud down – one scammer at a time. By better understanding domains and locations that are frequently associated with this fraud, it’s easier to pinpoint all source of fraud on a regular basis… stopping it cold in its own tracks.
Edited by Maurice Nagle