Whaling Attacks Re-emerge, Researchers Get Alert

Proofpoint researchers are warning about phishers using highly sophisticated techniques of targeting wealthy end-users and high-profile executives, crafting fake messages appearing to be ever more convincing.

This is not the first time that specific users or organizations are being targeted with false messages. But as phishers practice more and more, they get better with their researching of targets of wealthy and influential people on the Internet, a practice called 'whaling'. They then apply that research to write social engineering e-mail messages that are nearly impossible to ignore.

Phishers also use easily available kits of the plug-and-play type. The kits contain templates having the appearance and logos of legitimate companies or banks to be used for waging phishing attacks. But before that, phishers simply need to collect the e-mail addresses of his target victims. However, some attackers might be craftier than the rest.

According to Vice President of Product Management, Andres Kohn, at Proofpoint, some messages observed recently address the user by his or her name and some even refer to the real estate the recipient owns. Darkreading published this on January 29, 2008.

The researchers also discovered that sometimes, the kits carry a stealthy payload of a backdoor of their own that let the kit developer to steal his client's phished information. The phishing e-mail is delivered to the victim targeted through the relevant social network. Once the victim opens the e-mail, his login details are forwarded to the scammer's Web page.

Researchers also had a glimpse of the tactics used in the phishing world and were surprised at how phishers distribute stolen bank account numbers, PIN of debit card, credit card numbers, Social Security numbers, and other private and sensitive data.

They said that it is cyber criminals' conventional wisdom of how they are improving in sophistication and professionalism, with organized crime gangs backing them.

While the system is more novel and reminds of the traditional kits for virus construction of the 1990s, it shows how large social networks would become targets. In a year or two, possibly 2008 or the next year, there could be a significant attack emerging from one such social network.

» SPAMfighter News - 2/8/2008