
Mass Phishing of Retail Electronic Payment Brands

Created: 15 March 2010
Mathew Maniyara's picture

In the past couple of months, Symantec has observed a mass phishing attack on two major brands that provide retail electronic payment services for banks across the globe. Legitimate retail electronic payments using credit and debit cards are the most common means of financial transaction over the Internet, and so the phishing of these brands potentially affects a large number of vulnerable customers.

Phishers initiated a massive attack that made up 4.4 percent of all unique phishing websites in February. (Fraudsters developed the phishing websites in non-English languages as well, with French being the most utilized.) Customers were directed to the phishing websites by spam emails with the subject “your XXX card 4XXX XXXX XXXX XXXX: possible fraudulent transaction ID.” Customers could be tricked into entering their confidential information in the hope of protecting themselves from fraudulent activity.

There were two distinct types of phishing websites observed in the attack:

1.    The first type was created using automated phishing toolkits. The URLs were created with randomized domain names with multiple top-level domain (TLD) variants. The most common TLD utilized was ‘.cz’, which represents the Czech Republic. In this case, customers are asked to enter their sensitive information into a “Card Holder Form” page to complete the fake verification process. Upon entering the information, the page redirects to the legitimate website.

Below is the screenshot of the attack from automated phishing toolkits:

Screen shot 2010-03-16 at 12.11.30 AM.png

2.    The second type of attack consisted of URLs that used IP addresses in place of domain names. The IPs were hosted on US-based servers. The URL strings were found to be very long, usually with more than 700 characters. In these attacks the page asked for sensitive information, but the credit or debit card number was auto-assigned. The auto-assigning of the customer’s card number is achieved by placing stolen card numbers from previous phishing attacks into the form. When the user enters their information, the page redirects to a blank page.

Below is the screenshot of the attack using IP-based domains:
 
Screen shot 2010-03-16 at 12.11.46 AM.png
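The URL traits of the two site types described above can be turned into a simple triage heuristic for mail-gateway or proxy logs. The following is an added example, not code from Symantec or the original post; the function names, reason labels and sample URLs are constructed for illustration, and only the 700-character threshold comes from the text.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

LONG_URL = 700  # the post reports URL strings usually longer than 700 characters

def host_is_ip(host):
    """True when the URL host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(urls):
    """Return {url: [reasons]} for URLs showing the traits the post describes."""
    findings = defaultdict(list)
    by_label = defaultdict(lambda: defaultdict(list))  # name -> TLD -> urls
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            continue
        if len(url) > LONG_URL:
            findings[url].append("long-url")
        if host_is_ip(host):
            findings[url].append("ip-host")
            continue
        parts = host.split(".")
        if len(parts) >= 2:
            # Simplification: last label is taken as the TLD (no public-suffix list).
            by_label[parts[-2]][parts[-1]].append(url)
    for tlds in by_label.values():
        if len(tlds) > 1:  # same name seen under several TLDs
            reason = "multi-tld:" + ",".join(sorted(tlds))
            for tld_urls in tlds.values():
                for url in tld_urls:
                    findings[url].append(reason)
    return dict(findings)

# Constructed sample input: reserved TLDs and a documentation IP address.
SAMPLE = [
    "http://qzxkvbtr.example/cardholder/form",
    "http://qzxkvbtr.test/cardholder/form",
    "http://192.0.2.10/verify?" + "a" * 720,
    "https://www.brand.invalid/login",
]
```

Calling `triage(SAMPLE)` flags the two same-name hosts as a multi-TLD cluster and the third URL as both long and IP-hosted. These are triage signals for review, not verdicts, since legitimate sites can also match.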

Internet users are advised to follow best practices to avoid phishing attacks. Here are some basic tips for avoiding online scams:

•    Do not click on suspicious links in email messages.
•    Check the URL of the website and make sure that it belongs to the brand.
•    Type the domain name of your brand’s website directly into your browser’s address bar rather than following any link.
•    Frequently update your security software, such as Norton Internet Security 2010, which protects you from online phishing.

----------------------

Note: My thanks to Rohan Shah, co-author of this blog.