Phishing Attacks on the rise

October 2, 2010

A phishing attack attempts to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a legitimate entity, usually in e-mails or instant messages sent out to unsuspecting users.

The messages appear to be sent from banks, financial institutions, online payment processors, IT administrators, popular social web sites, etc., and are designed to lure the unsuspecting into entering personal details at a fake website whose look and feel are almost identical to the legitimate one. These days, cybercriminals are getting more and more sophisticated, and no user input is needed, because a computer can get infected with a virus just by visiting a malicious website.

Most of the time, the links being sent seem legitimate and appear to originate from the spoofed organization’s website. Misspelled URLs or the use of subdomains are common tricks used by phishers. Utmost care must be exercised when receiving a message from unconfirmed sources. The way to know whether the message is legitimate is to look at the link they want you to click. If it is obfuscated or it is a redirecting link, you can be sure it is a phishing attack. No reputable company would ever try to lead customers anywhere other than their own websites.

For example, in the following URL,, it appears as though the URL will take you to the example section of your trusted institution’s website, when in fact this URL points you to the “yourtrustedinstitution” subdomain of the xxx (phishing) website. Another common trick is to make the displayed text for a link (the text between the link tags) different from the real destination, so that the link actually goes to the phishers’ site. For example, the following example link,, seems to lead to the Coca-Cola website, when in fact it leads to the Pepsi-Cola one. The way to find out the real destination is to hover over the link and look at the lower left-hand corner of most browsers, where you can preview and verify where the link is really going to take you.
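Both link tricks described above can be checked mechanically. The following is an added example, not part of the original article: it reads an HTML message body and flags links whose visible text names a different host than the real target, and links that use a trusted name as a subdomain of another site. The domain names, the sample message and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed values for this example; none come from the original page.
TRUSTED = {"yourtrustedinstitution.example"}  # assumed real domain
BRANDS = {d.split(".")[0] for d in TRUSTED}   # names a phisher would borrow
SAMPLE = ('<a href="http://yourtrustedinstitution.xxx.example/example/">Log in</a>'
          '<a href="http://www.pepsi-cola.example/">www.coca-cola.example</a>'
          '<a href="https://www.yourtrustedinstitution.example/">Home</a>')

def host_of(text):
    """Hostname if text is a single URL or bare host name, else None."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host and len(text.split()) == 1 else None

def within(host, domain):
    return host == domain or host.endswith("." + domain)

def check_link(href, text):
    target, shown, findings = host_of(href) or "", host_of(text), []
    # Visible text is itself a host name, but not the one the href goes to.
    if shown and not (within(target, shown) or within(shown, target)):
        findings.append("text-names-other-site")
    # A trusted name appears as a label of a host outside the trusted domains.
    if BRANDS & set(target.split(".")) and not any(within(target, d) for d in TRUSTED):
        findings.append("trusted-name-as-subdomain")
    return findings

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None  # _open = [href, text] inside <a>
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append(tuple(self._open))
            self._open = None

def audit(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(href, check_link(href, text)) for href, text in collector.links]
```

`audit(SAMPLE)` returns one `(href, findings)` pair per link; an empty findings list means neither trick was detected, not that the link is safe.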

Another source of risk is attachments that download a Trojan. Never click on those either, unless you are 100% sure about the sender. And even so, sometimes people spread viruses unwittingly.

Don’t take these warnings lightly. According to Symantec, phishing messages were up in July primarily due to a 92 percent increase in phishing sites created by automated toolkits. And PandaLabs reports that cybercriminals are cranking out fake Web sites to the tune of tens of thousands every week. During a three-month study of its global malware database, Panda Security found on average 57,000 new Web sites created each week with the aim of exploiting a brand name in order to steal information that can be used to drain people’s bank accounts.

The study found that 375 high-profile brand names were being used for the fraud, with eBay (23 percent) and Western Union (21 percent) together comprising 44 percent of all the malicious Web sites discovered.

Rounding out the top 10 list of exploited brands were: Visa, United Services Automobile Association, HSBC, Amazon, Bank of America, PayPal, Internal Revenue Service, and Bendigo Bank (Australia).

Live Demo: Banking Trojan from Panda Security on Vimeo.

Banking Trojans are one of the most prevalent malware species in the threat landscape today. Malware authors aim to keep infections live and undetected long enough so that they can get what they are really after: money. Financial motivations lead malware developers to craft the stealthiest banking Trojans to steal personal and financial data for further exploitation on the black market. Day after day, innocent victims are hacked, with the end result being an emptied-out bank account. This video demonstrates how dangerous and stealthy banking Trojans can be and why we must continue to raise awareness on the issue.
