RSS Alerts

Share

More services

Related Links

  • RSA
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

  • Social engineering: Re-defining the human factor
    Social engineering is a recent phenomenon designed to steal information from unsuspecting users and organisations. Raj Samani examines aspects of the practice and what those with access to this data can do to protect it.
  • Comment: Myths Plague Perceptions of Mobile Malware
    Trusteer’s Amit Klein takes a closer look at mobile malware, exploding the myths and dispelling the fantasies
  • Phishing techniques advanced, says Trusteer
    Trusteer, the in-browser web security specialist, has warned internet users to be aware of a highly sophisticated phishing technique that effectively compromises two-factor authentication (2FA) technology as a means of online banking security.
  • Tax credits result in phishing attacks
    Web browser security firm, Trusteer, has warned that the end of July deadline for filing/updating tax credits is resulting in a raft of phishing emails from hackers.
  • Check Point links with RSA on online attack protection
    Check Point Software has tapped RSA, the IT security division of EMC, for its real-time knowledge of the latest malware, trojan, phishing and other online attacks. The move follows the extension of the 'collective intelligence' data pool by Check Point's ZoneAlarm operation to users of its free IT security software.

Top 5 Stories

News

Chat-in-the-middle phishing attack targets online banking

23 September 2009

RSA, the security division of EMC has discovered a phishing attack it calls ‘chat-in-the-middle’, which targets online banking customers tricking them into divulging username and passwords.

The fraudsters open an instant messaging window that looks like a live chat support, to obtain even more information from online banking customers by posing as a representative of the bank’s fraud department.

RSA said the chat-in-the-middle phishing attack is currently targeting a single US-based financial institution. RSA could not disclose the identity of the financial institution for security reason, but said it had warned the organization and that a standard phishing attack shut-down procedure was commenced.

The phishing attack is hosted on a well-known fast-flux network for ‘hire’ from fraudsters to fraudsters which hosts a range of malicious websites such as phishing websites, Trojan infection points, mule recruitment websites, etc. Fast-flux networks produce an advanced Denial of Service (DoS) technique utilizing a botnet to host and deliver phishing and malware websites.

During the chat, the chat messages are processed in the background through a Jabber module located on a fraudster’s computer. Jabber is an open source instant messaging protocol popular among fraudsters to facilitate the receiving of stolen credentials in real-time.

“The live chat also ensures that the compromised information is delivered to the fraudster in real-time – a necessary feature in an attack scenario that require real-time access to the victim’s account,” RSA said.

In its August 2009 online fraud report, RSA said the number of phishing attacks rose 22% in August 2009 compared to August 2008. Standard phishing attacks were up 2%, whereas fast-flux attacks jumped 38% - the majority of the fast-flux attacks were perpetrated by the infamous Rock Phish gang.

This article is featured in:
Data Loss  • Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012