Posted July 8, 2009
In a recent phishing attack discovered by Cyveillance, cyber criminals used a single Web site to attack over 160 banks and credit unions. For the attack, the phisher launched an email campaign urging users to click on a link within the email that referenced a trusted brand (Neteller). Once the link was clicked, the user would be routed to a Web site asking them to select their bank or credit union from a list of 162 institutions. If the user selected an institution and clicked the continue button, he or she would then be asked to enter personal information related to their account. The information given would later be used by the phisher for identity theft and other criminal activity.
[Image: screenshot of the phishing Web site]
Given the numerous financial institutions targeted, this approach clearly demonstrates the sophistication of modern phishers and their ability to go beyond simple one-off attacks targeted at specific victims. By being less discriminating in their approach, these increasingly common bundled phishing attacks significantly increase the likelihood that the phisher’s emails will successfully reach their intended recipients. Users can minimize the potential for falling victim to these types of attacks by never clicking on links within emails and by accessing their online banking applications only through their financial institution’s primary Web site.
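The pick-list of institutions described above is also a signal defenders can use when triaging reported URLs. The following is an added example, not Cyveillance's tooling: it flags a page that lists several watched institutions while being hosted on a domain belonging to none of them. The watchlist, domains, threshold and sample markup are all constructed, and the assumption that the list is built from `<option>` or `<a>` elements is ours.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed watchlist: institution name -> its legitimate domain (placeholders).
WATCHLIST = {
    "first example bank": "firstexample.test",
    "example credit union": "examplecu.test",
    "sample savings bank": "samplesavings.test",
}

class ChoiceText(HTMLParser):
    """Collect the visible text of <option> and <a> elements (the pick-list)."""
    def __init__(self):
        super().__init__()
        self.active, self.buf, self.choices = False, [], []
    def _flush(self):
        text = " ".join("".join(self.buf).split()).lower()
        if text:
            self.choices.append(text)
        self.buf, self.active = [], False
    def handle_starttag(self, tag, attrs):
        if tag in ("option", "a"):
            self._flush()  # </option> is often omitted, so a new item ends the old one
            self.active = True
    def handle_endtag(self, tag):
        if tag in ("option", "a", "select"):
            self._flush()
    def handle_data(self, data):
        if self.active:
            self.buf.append(data)

def listed_institutions(html, watchlist=WATCHLIST):
    """Return the watched institution names that appear as selectable items."""
    parser = ChoiceText()
    parser.feed(html)
    parser.close()
    parser._flush()
    return sorted(n for n in watchlist if any(n in c for c in parser.choices))

def is_bundled_phish_candidate(url, html, threshold=3, watchlist=WATCHLIST):
    """True when many watched brands are listed on a host owned by none of them.
    This is a triage signal for analyst review, not a verdict."""
    host = (urlsplit(url).hostname or "").lower()
    hits = listed_institutions(html, watchlist)
    on_brand = any(host == watchlist[n] or host.endswith("." + watchlist[n]) for n in hits)
    return len(hits) >= threshold and not on_brand

# Constructed sample markup modelled on the selection page described in the post.
SAMPLE = ('<form action="next.php"><select name="bank">\n<option>First Example Bank\n'
          '<option>Example Credit Union\n<option>Sample Savings Bank (NY)\n'
          '</select><input type="submit" value="Continue"></form>')
```

Legitimate aggregators and payment services also list many banks, so a hit should be combined with other evidence (domain age, credential fields, the lure email) before a takedown request.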