iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > News > Security News > RSA Says They've Found A New Phishing Lure
Search:
[ news_security_news ]

RSA Says They've Found A New Phishing Lure





2006-03-10

SecurityProNews: Insider Reports Insider Reports RSS Feed


RSA Security said on Thursday they found a new technique phishermen are using to game users in response to more concerted efforts in identifying and shutting down phishing sites.

The new attack, called Smart Redirection Attack, is set up to guarantee potential victims always link to a live website. Attacks on two different banks, one in the UK and other in Canada, have been detected.

RSA said the attack works this way:

For a Smart Redirection Attack, the fraudster creates a number of similar phishing websites based at different locations. All of the emails received by consumers contain URLs that direct the victim to an IP address that hosts the 'smart redirector'. When the potential victim clicks on the link, the 'redirector' checks all related phishing websites, identifies which sites are still live, and invisibly redirects the user to one of them.

Fraudsters are aware that once a user identifies the site as fraudulent, s/he will report the site's address, and there's a good chance that someone will shut it down. If the fraudster has used a single address for an entire batch of emails, the entire mailing list directed to that site would be wasted. However, sending the redirector address (hidden from the consumer) assures that the consumer will always reach a live site.

Naftali Bennett, senior vice president at RSA Cyota Consumer Solutions, commented: "As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimize the effect this has on their hit rates. Analyzing which websites are still live - and seamlessly redirecting users to them - seems like a good way to raise the stakes.

"These phishing emails look no different than any other: all the action takes place behind the scenes, so as always users need to remain vigilant. Technology also plays a big part in preventing sophisticated attacks like these, and companies like RSA Security are constantly monitoring phishing attacks and the Internet as a whole, making them increasingly adept at closing fraudulent websites down - no matter how many the fraudster has created."

Add to | DiggThis| Yahoo My Web



Get all the updates - click this link:

Tag:


About the Author:


More news_security_news Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds