In a recent Phishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. attack discovered by Cyveillance, cyber criminals used an individual Web site to attack over 160 banks and credit unions. For the attack, the phisher launched an email campaign soliciting users to click on a link within the email referencing a trusted brand (Neteller). Once clicked, the user would be routed to a Web site that asks the user to select their Bank or Credit Union from a list of 162 institutions. If the user selected an institution and clicked on the continue button, he or she would then be asked to enter personal information related to their account. The information given would later be used by the phisher for purposes of identity theft and other criminal activity.
Screenshot of phishing Website:
Given the numerous financial institutions targeted, this approach clearly demonstrates the sophistication of modern phishers and their ability to go beyond simple one-off attacks targeted at specific victims. By being less discriminative in their approach, these growing bundled phishing attacks significantly increase the likelihood that the phisher’s emails will successfully reach their intended recipients. Users can minimize the potential for falling victim to these types of attacks by never clicking on links within emails and only accessing their online banking applications through their financial institutions’ primary Web site.