Financial Daily from THE HINDU group of publications
Thursday, Mar 16, 2006
Financial Daily from THE HINDU group of publications Thursday, Mar 16, 2006 |
|
|
|
|
|
|
|
Info-Tech
-
Security Fraudsters design new phishing technique L.N. Revathy
"All the emails received by consumers would contain links to Web sites that direct the victim to an IP address that hosts the `Smart Redirector'."
NEW DANGER
Coimbatore , March 13
A new phishing technique `Smart Redirection Attack' is on the prowl. Fraudsters have designed this tool to ensure that potential phishing victims always link to a live Web site. With anti-phishing vendors becoming more adept at shutting down phishing Web sites, fraudsters have started to look for ways to minimise the effect it would have on their hit rate. "Analysing the Web sites that are still live and those that would seamlessly redirect users to them seemed the best option for raising the fraudsters stakes," Mr Ross Wilson, Managing Director, (South Asia and India), RSA Security, told Business Line. The RSA Anti Fraud Command Centre (AFCC), while cautioning Net users, has explained that in such an attack, the fraudster created a number of similar phishing Web sites at different locations. "All the emails received by consumers would contain links to Web sites that direct the victim to an IP address that hosts the `Smart Redirector'. When the potential victim clicks on the link, the `Redirector' checks all related phishing Web sites, identifies the live sites and invisibly redirects the user to one of them." When asked how the Smart Redirector checked all phishing Web sites, Mr Wilson said the tool helped fraudsters maintain a database of phishing Web sites targeted at a specific bank. "When a user clicks on the link embedded in the email, that link would take the customer to a phishing site. Fraudsters are aware that once the user identified the site as a fraudulent one, he or she would report the site's address. Then there's a good chance that someone will shut it down. If the fraudster has used a single address for an entire batch of emails, the entire mailing list directed to that site would be wasted. But, sending the redirector address (hidden from the consumer), there is every possibility of the victim reaching a live site, for the tool would detect the site without the user having a clue of what is happening behind the scene." The company, he said was involved in monitoring phishing attacks and clamping fraudulent Web sites, immaterial of the number of sites created by the fraudster. According to a recent report published by the Anti-Phishing Working Group, the US topped the list among the phishing Web sites hosting country. The number of unique phishing reports received in August stood at 13,776, while the sites numbered 5,259. The number of phishing attacks had almost doubled from 6,957 in October 2004. The report further stated that the total number of reported attacks were much higher and did not include those that were not reported by either the financial institution or the customer.
Related Stories: More Stories on : Security
Article E-Mail :: Comment :: Syndication :: Printer Friendly Page
|
Stories in this Section |
|
The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription Group Sites: The Hindu | Business Line | Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |
Copyright © 2006, The
Hindu Business Line. Republication or redissemination of the contents of
this screen are expressly prohibited without the written consent of
The Hindu Business Line
|