Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

11:51 AM
Cory Levine
Connect Directly
RSS
E-Mail
50%
50%

New Phishing Threat Discovered

Cory Levine, Wall Street & Technology The cat-and-mouse continues, as researchers yesterday uncovered a new phishing technique being shared in the fraud community, which will enable criminals to bypass multi-factor authentication technologies. Analysts in the 24x7 Anti-Fraud Command Center operated by

Cory Levine, Wall Street & Technology

The cat-and-mouse continues, as researchers yesterday uncovered a new phishing technique being shared in the fraud community, which will enable criminals to bypass multi-factor authentication technologies. Analysts in the 24x7 Anti-Fraud Command Center operated by RSA discovered what they are calling the Universal Man-in-the-Middle Phishing Kit being sold in online forums. After analyzing a demo version of the kit, RSA concluded that this new user-friendly flavor of phishing could become big in the next 12 to 18 months.Using the kit, fraudsters can easily create a fraudulent URL that communicates with the legitimate Web presence of the targeted organization, be it a financial institution or otherwise. In doing so, when victims clicks on the URL provided in the phishing e-mail, they then interact with the legitimate Web site via the fraudulent URL.

The difference between this type of attack and previous phishing techniques is that in prior attacks, typically victims were only asked to provide login or card-related credentials, which were then recorded by fraudsters. With the new phishing kit, because users are interacting with a legitimate Web site, victims have the ability to log on and perform any type of transaction they wish. All the while, criminals are intercepting this activity as well as any further credentials provided by the victim, culling sensitive information in real time, allowing criminals to wait for users to authenticate themselves using multi-factor techniques.

The phishing threat, in order to stay effective in the wake of industrywide multi-factor authentication implementation, needed to morph into a tactic with closer alignment to the legitimate target. The exposure of the phishing threat in media and through customer education efforts by companies through 2006 was damaging to the efforts of fraudsters. Further blurring the line between the threat and the actual business was the only way phishing could remain relevant as consumers caught on to the hoax. Security professionals need to begin disseminating this information to customers immediately and reinforce their policies and procedures for online solicitation before this new mutation of the phishing threat has material consequences.

Register for Wall Street & Technology Newsletters
Video
All Videos
Trading Floors
Slideshows
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.
More Trading Floors