This week, we upgraded our Brand Abuse Lure Protection service to provide comprehensive protection against all cybercrime email lures that abuse the brands of our clients.
Over the past few months an abundance of point-of-sale (POS) attacks on major retailers has left millions of consumers’ personal account information vulnerable. The Home Depot, Goodwill, Supervalu grocery chain, Dairy Queen, and the UPS Store were all recently in the spotlight for POS terminal attacks where memory-scraping malware was installed to nab customer information. What is the cause of the uptick in POS attacks and what can be done to mitigate future attacks?
Have you ever received this message when logging into an account? Chances are you have and you likely blamed the “error” on yourself. What did you do next? You probably carefully typed each letter of your password to ensure accuracy. After reading this post, we hope you will think twice about the next request to “please try again.”
With an increase in phishing activity (APWG recently reported a 10.7 percent increase) come evolving tactics of deceit. In the past month, PhishLabs' R.A.I.D. (Research, Intelligence, and Analysis Division) observed the rise of intentional errors in scammers' playbooks.
PhishLabs has discovered a fraudulent invoice campaign targeting corporate executives. The scammers attempt to convince their targets to wire funds to various accounts controlled by the fraudsters in order to settle the terms and outstanding balances on legitimate invoices from other companies.
What to look for
Emails associated with this campaign follow this characteristic pattern:
New MitM attacks impersonate banking sites without triggering alerts
PhishLabs has observed a new wave of "Man-in-the-Middle" (MitM) attacks targeting users of online banking and social media. Customers of more than 70 different financial institutions are being targeted.
In a previous post, I explored how fraudsters go about staging phishing attacks. This post reviews how, once staged, phishing attacks are launched.
With the phishing site now staged and active, the cybercriminal needs to trick customers of the targeted institution into visiting the site and divulging credentials and other sensitive information. This means:
- setting up an emailer (or spamming tool)
- gathering a list of target emails
- crafting convincing phishing email messages.
A few weeks ago, we took our first look into Pharming. We saw some basics about how it can be accomplished and detected. Let’s now take a bit of a deeper dive into the technical aspects that drive it and start talking in more detail about how we can detect and mitigate these types of attacks.
But before we discuss the details of how these attacks work, it is important to understand how a computer obtains an IP address (which is used to actually initiate a connection to a website) from the domain within a URL (such as https://login.mybank.com/online/login.html). When a Web user attempts to navigate to a site, their computer can determine an IP address by either consulting a local file of defined mappings, called a hosts file, or by consulting a DNS server on the internet.
APWG has published the recap and analysis of phishing activity in Q3 of last year. Here are some of the highlights from the APWG Phishing Activity Trends Report for the 3rd Quarter of 2013:
- The volume of phishing attacks rose 20 percent from Q2.
- There were more than 143,000 unique phishing websites detected in Q3.
- The number of brands targeted each month averaged ~390 during Q3.
Almost every day I speak with a bank somewhere about phishing. I ask them how much of a threat it is, what they are doing about it, and how it affects their business. Surprisingly, the answers I get vary quite a bit from one organization to another. Most are concerned about the costs of fraud losses. In the US, due to Regulation E, banks must make customers whole when their account is compromised and funds are stolen. Many banks are also concerned about the costs of dealing with phishing and similar attacks. The overhead costs due to fraud are significant. Call centers, fraud investigations, suspicious activity reports (SARs), and other bank functions are involved in managing fraud. Interestingly, not all of the banks we speak to are focused on the brand and reputation effects of phishing as they should be.
PhishLabs has discovered a new variant of a common phishing page that prompts users to upload a scanned copy of their driver’s license and telephone bill. The detected scam targets customers of a large US bank.