Phishing Attack On Banks Soars
A report released in March 2008 by RSA, the specialist in security software, warns that phishing attacks targeting banks and their clients all over the world increased constantly during the recent few months.
According to the report, there were as many as 188 banking brands that phishers targeted in February 2008, potentially increased from 153 in August 2006.
The report cited Germany where over 90% of Internet banking frauds occur directly due to Trojans. The picture is similar for Switzerland, Benelux and other countries. However, most of the targeted banking brands belong to the US, accounting for 59% of the attacked entities. The UK ranks second, with 12% of the targeted brands, while countries like Ireland and Brazil have made their first appearance as destinations for similar purposes this April (2008).
Security experts say that with the rising incidents of Internet banking scams, the traditional type of phishing schemes are receding, mostly because of an effective education campaign. Users are now very cautious and cannot be duped. But, the new trojans can still steal bank account information from consumers. Further, they are also becoming increasingly prevalent as is evident from F-Secure's data that shows an increase of ten times more over the past three years.
According to security experts, of the many techniques of the banking Trojans, the most frightening one is "man in the browser." In this, the Trojan waits for a prey and as the user enters his credentials to begin a session of online banking, then having found a suitable opportunity the malware adds one or two of its own transactions without the user's knowledge.
Security experts say that sometimes the Trojan might actually inject an HTML code into the Website of the bank. For instance, below the username and password areas, it might add spaces for the replies to two secret queries of the user. Consequently, as the user submits her or his credentials, they along with the bank also go to the hacker. This data then helps the malefactors to transfer the user's deposits to a fake account. But, when the robbery is found the entire blame lands up on the doomed "money mule."
Related article: Phishing With A Redirector Code
» SPAMfighter News - 17-04-2008