Hackers' Favorite Phishing

By Raju Shanbhag

TMCnet Contributing Editor

 

This is a first of sorts in the history of Internet, but this is not something that will make the companies across the world happy or elated. In fact, this should make them sit up and take notice!

 

For the first time, phishing attacks have outpaced e-mails infected with viruses and Trojan horse programs. According to security mail services vendor MessageLabs, one in 93.3 e-mails (1.07 percent) was a disguised phishing attack while one in 119.9, or 0.83 percent e-mails were infected with viruses. This is mainly because virus attacks have become more targeted and user specific rather than being the vehicles of large outbreaks. Recent viruses like Storm Worm and Warezov were targeted at specific groups rather than attacking e-mail users randomly.

 

At the same time, phishing attacks have become more sophisticated. As banks and online merchants worldwide are increasingly adopting a two-factor authentication policy, "man in the middle" types of sophisticated phishing attacks are on the rise. Two-factor authentication involves the user entering pseudorandomly generated codes and a password. This method of authentication was developed after hackers used keyloggers to get the password and broke into the accounts. This pseudorandomly generated code can be used only once.

 

The hackers have found a new workaround for this authentication tool. The man-in-the-middle attack hijacks a user session and users are lured into visiting a spoofed portal. This portal is hosted on a compromised machine and once the information is entered, such bank details and codes are relayed to the to the real bank site. Once the users have validated their identity on the real system by way of the compromised relay, hackers take over the session.

 

To make the phishing e-mails more believable, they are becoming more personalized. While earlier attackers just sent phishing e-mails to a randomly selected list, nowadays these messages contain details about the banks, which the receiver actually uses. Also, many phishing Web sites are now using Flash content rather than HTML to escape anti-phishing technology deployed in modern Web browsers.

 

According to security experts, e-mails containing malicious attachments may decrease. But that does not mean attacks are on the decline; it simply indicates that e-mail attacks are now changing their modus operandi. Instead of containing a malicious attachment, they will ask the user to type in the personal details or download a program, which contains malicious software.

 

A person engaged in phishing activities masquerades as a trustworthy person and lures the user into disclosing the sensitive information such as passwords and credit card information. Although phishing generally uses e-mails and Instant Messaging, in rare cases, the use of phone is also witnessed.

 

One of the most common groups that the phishing targets are the credit card users and bank account holders who carry on online transactions. Research has shown that phishing attackers may secure the type of relationship a customer has with the bank and then use this data to send an appropriate spoofed email to the victim.

 

As attackers get more and more sophisticated the security agencies and the banks are trying their best to keep pace. But it will require assistance from the end users to at least decrease these types of attacks, if not completely eliminate them.

 

 

-----