Phishers Becoming More Audacious In Approach
March 23, 2007 - Linda McGlasson, Managing Editor


Financial institutions need to realize that cyber criminals who target internet users with phishing attempts aren't going away anytime soon, says information security expert Aaron Emigh. "They're moving away from the purely deception-based attacks (simple emails in your inbox with links that the phishers want you to click on saying they're your bank) to more insidious, sophisticated crimeware attack vectors where users' online identities are stolen, then transactions made with the compromised account information through several ways including DNS hijacking, and other methods." Their target is still your customers' money, account numbers, or credit card numbers, he explained.


They're also becoming more sophisticated at countering the anti-phishing mechanisms that companies, internet service providers and users are putting up to stop them, Emigh said. "In conventional deception attacks, they're using blacklist-busting URLs, and it's where it's almost a game of 'Whack-A-Mole' to find and stop the phishing sites. Where blacklists and phishing toolbars are being integrated into browsers, the phishers are using unique subdomains for each group of emails to avoid being put on the blacklists," he explained.
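The evasion Emigh describes can be seen from the defender's side in this added example, which is not part of the original article: a blacklist keyed on exact hostnames misses every fresh subdomain, while matching on the registrable domain and counting distinct hostnames per domain catches the pattern. The suffix set, sample URLs and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List; load the full list in practice.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

# Constructed sample: one campaign using a new subdomain per mailing, plus one unrelated link.
SAMPLE_URLS = [
    "http://a1.secure-login.example.net/verify",
    "http://b2.secure-login.example.net/verify",
    "http://c3.secure-login.example.net/verify",
    "http://d4.secure-login.example.net/verify",
    "https://www.example.org/accounts",
]
# Constructed blacklist: only the first reported hostname has been listed so far.
SAMPLE_BLACKLIST = {"a1.secure-login.example.net"}

def hostname(url):
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def registrable_domain(url):
    """Public suffix plus one label, e.g. x.y.example.co.uk -> example.co.uk."""
    host = hostname(url)
    labels = host.split(".")
    # Scan from the left so the longest matching suffix ("co.uk") wins.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return host  # unknown suffix: fall back to the full hostname

def exact_host_hits(urls, blacklist_hosts):
    """What a hostname-keyed blacklist blocks."""
    return [u for u in urls if hostname(u) in blacklist_hosts]

def domain_hits(urls, blacklist_hosts):
    """What the same blacklist blocks when entries are widened to the registrable domain."""
    blocked = {registrable_domain("http://" + h) for h in blacklist_hosts}
    return [u for u in urls if registrable_domain(u) in blocked]

def subdomain_churn(urls, threshold=3):
    """Registrable domains seen under at least `threshold` distinct hostnames."""
    hosts = defaultdict(set)
    for u in urls:
        hosts[registrable_domain(u)].add(hostname(u))
    return {d: len(h) for d, h in hosts.items() if len(h) >= threshold}

if __name__ == "__main__":
    print("exact-host blocks:", len(exact_host_hits(SAMPLE_URLS, SAMPLE_BLACKLIST)))
    print("domain-level blocks:", len(domain_hits(SAMPLE_URLS, SAMPLE_BLACKLIST)))
    print("high-churn domains:", subdomain_churn(SAMPLE_URLS))
```

Widening a listing to the registrable domain overblocks on platforms that hand out subdomains to unrelated customers, so the churn count is better treated as a review signal than an automatic block.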

"We're seeing more pharming attacks, and man-in-the-middle attacks which will render the two-factor authentication tokens significantly less effective," Emigh said. Recently, research was released on wireless-based attacks in which, for example, a wireless router still using its default password could be compromised, its password changed, and malicious JavaScript code added to redirect the user to a website other than their bank's. This kind of attack can be carried out using JavaScript alone. That being said, there are even scarier attacks on the horizon, he said.
