Laser Precision Phishing — Are You on the Bouncer’s List Today?

As we close out 2012, it’s safe to say that phishing has had yet another record year in attack volumes. The total number of phishing attacks launched in 2012 was 59% higher than the total calculated for 2011, up from 279,580 attacks to 445,004, costing the global economy over $1.5 billion in fraud damages. According to RSA research, this amount is 22% higher than the losses recorded in 2011, part of the growing worldwide monetary losses associated with phishing attacks.

Beyond rising attack numbers and the money they harvest, phishing kits, written by malware authors and black hats, are becoming more advanced on the technical level. 2012 saw the popular use of kit plugins that validate credentials in real time or report the success of attack campaigns via web analytics tools. And now we’re seeing the more unusual breeds: bouncer list phishing. It holds this moniker because, much like many high-profile nighttime hotspots, if your name is not on the list, you’re staying out!

The bouncer phishing kit targets a preset email list for each campaign. A user ID value is generated for the targeted recipients, and they are sent a unique URL for access to the attack. Here’s the interesting part – much like a night club’s bouncer list – any outsider attempting to access the phishing page is redirected to a “404 page not found” error message. Unlike the usual IP-restricted entry that many older kits used, this is a true—depending on how you look at it—black hat whitelist.
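A detection sketch for the behaviour described above, added here as an example and not part of the original post: because outsiders are answered with a 404, a scanner re-fetching the link sees a dead page while the targeted recipient saw a live one, and that mismatch shows up in web proxy logs. The log layout, the host names, the `sandbox` client and the assumption that the per-recipient ID travels in the URL query string are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines: "<client> <status> <url>". Hosts use the
# reserved .example TLD; "sandbox" is an assumed name for a URL scanner.
SAMPLE_LOG = """\
10.0.0.12 200 http://login-update.example/secure/index.php?id=a91f3c
sandbox 404 http://login-update.example/secure/index.php
sandbox 404 http://login-update.example/secure/index.php?id=000000
10.0.0.40 200 http://login-update.example/secure/index.php?id=77be02
10.0.0.12 200 http://news.example/story?id=5
sandbox 200 http://news.example/story?id=5
sandbox 200 http://news.example/story
10.0.0.9 404 http://shop.example/old-page
"""

def parse(log):
    """Yield (client, status, host, path, query) per well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # skip malformed lines rather than guess
        url = urlsplit(parts[2])
        yield parts[0], int(parts[1]), url.hostname, url.path, url.query

def bouncer_candidates(log, min_ok_tokens=1):
    """Return {(host, path): [queries]} for pages that answer 200 only to
    specific query strings and 404 to every other request for the same path."""
    ok = defaultdict(set)      # (host, path) -> queries that got 200
    denied = defaultdict(set)  # (host, path) -> queries that got 404
    for _client, status, host, path, query in parse(log):
        if status == 200:
            ok[(host, path)].add(query)
        elif status == 404:
            denied[(host, path)].add(query)
    hits = {}
    for page, good in ok.items():
        bad = denied.get(page, set())
        # Gated page: some token worked, something else was refused, and
        # no query string was both accepted and refused.
        if len(good - {""}) >= min_ok_tokens and bad and not (good & bad):
            hits[page] = sorted(good)
    return hits

if __name__ == "__main__":
    for (host, path), tokens in bouncer_candidates(SAMPLE_LOG).items():
        print(f"review {host}{path}: 200 only for {tokens}")
```

Legitimate one-time links such as password resets match the same pattern, so hits are leads for analyst review rather than verdicts.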



This blog was also referenced in the following articles:


Phishing sites use whitelisting to keep out unwanted victims
CSO (1/17/13)
John E. Dunn

RSA identifies ‘bouncer’ phishing attack
ComputerWeekly (1/18/13)
Warwick Ashford

Cybercrooks send in Bouncer to guide marks to phishing sites
The Register (1/18/13)
John Leyden

Phishing Sites Use Whitelisting Technology to Keep Out Unwanted Targets
SiliconANGLE (1/18/13)
Mike Wheatley
