Wall Street & Technology: Blog
January 11, 2007

New Phishing Threat Discovered

Cory Levine, Wall Street & Technology

The cat-and-mouse continues, as researchers yesterday uncovered a new phishing technique being shared in the fraud community, which will enable criminals to bypass multi-factor authentication technologies. Analysts in the 24x7 Anti-Fraud Command Center operated by RSA discovered what they are calling the Universal Man-in-the-Middle Phishing Kit being sold in online forums. After analyzing a demo version of the kit, RSA concluded that this new user-friendly flavor of phishing could become big in the next 12 to 18 months.

Using the kit, fraudsters can easily create a fraudulent URL that communicates with the legitimate Web presence of the targeted organization, be it a financial institution or otherwise. As a result, when victims click on the URL provided in the phishing e-mail, they interact with the legitimate Web site via the fraudulent URL.

The difference between this type of attack and previous phishing techniques is that in prior attacks, victims were typically asked only to provide login or card-related credentials, which were then recorded by fraudsters. With the new phishing kit, because users are interacting with a legitimate Web site, victims have the ability to log on and perform any type of transaction they wish. All the while, criminals are intercepting this activity as well as any further credentials provided by the victim, culling sensitive information in real time. This allows criminals to wait for users to authenticate themselves using multi-factor techniques.

The phishing threat, in order to stay effective in the wake of industrywide multi-factor authentication implementation, needed to morph into a tactic with closer alignment to the legitimate target. The exposure of the phishing threat in media and through customer education efforts by companies through 2006 was damaging to the efforts of fraudsters. Further blurring the line between the threat and the actual business was the only way phishing could remain relevant as consumers caught on to the hoax. Security professionals need to begin disseminating this information to customers immediately and reinforce their policies and procedures for online solicitation before this new mutation of the phishing threat has material consequences.

Posted by Cory Levine at 11:51 AM


