Blog

Cyber-criminals can access free kits to aid them in launching phishing attacks, an online security resource has discovered.

The kits, discovered by PandaLabs, could allow the thieves to send out mass fraudulent emails mimicking bank web pages, online pay platforms and email accounts in order to trick people into handing over financial and personal data.

From the kit a criminal can access two files. One file allows the creation of spoof emails made to look like they have come from official sources and the other allows criminals to create mock-ups of genuine web pages.

The phishing attack takes place when the criminal spams internet users with the email, with a link to the fake web page. Users who follow the link will be asked to enter their personal data. Lists of email addresses can also be purchased from the internet.

Technical director of PandaLabs Luis Corrons said that the amazing thing was that the kits were free.

“Due to the simplicity of the tools, the number of phishing attacks increases, causing companies and consumers large losses,” said Mr Corrons.

Last week spam celebrated its 30th anniversary.

If you enjoyed this post, make sure you subscribe to my RSS feed!

London, 26 November 2007 - Cloudmark Inc., the global leader in carrier-grade messaging security, today announced the results of a survey conducted on its behalf by YouGov, which revealed that public confidence in consumer brands is dramatically affected by phishing attacks, with 42% of people surveyed feeling that their trust in a brand would be greatly reduced if they received a phishing email claiming to be from that company. The survey also showed that the majority of consumers feel that the responsibility for protection against phishing attacks lies with themselves, their service provider and the service provider that transported the phishing emails.

The survey revealed that:

• 42% of respondents surveyed feel that the trust in a brand would be greatly reduced if they received a phishing email claiming to be sent by that brand.
• 41% of those surveyed felt that their trust in a bank would be greatly reduced if they received a phishing email claiming to be from that company, compared to 40% who felt the same for an ISP, 36% for an online shopping site and 33% for a social networking site.
• 26% of those surveyed feel that they are the party most responsible for protecting themselves from phishing attacks, with 23% believing their Internet Service Provider (ISP) or email service provider is the most responsible and 17% thinking that the sender’s ISP and email service provider holds the greatest responsibility.

“Phishing is a highly sophisticated and well orchestrated form of crime. The gangs behind these attacks work to compromise financial information via e-mail scams and then propagate that information into a highly stratified and efficient economy, selling the data on to those who will profit from the accounts,” commented Neil Cook, UK technology chief at Cloudmark. “Earlier this year we conducted research into the effect that phishing has on the individual that found consumers were still extremely concerned about falling victim to such a scam. What is interesting to note from these results is that well-known brands are also suffering, with phishing attacks having a detrimental effect on their reputation. This knock-on effect will be particularly worrying for the banks, who rely on a high degree of trust with their customers.”

In addition to the YouGov survey, Cloudmark’s own research team today released results showing that Natwest Bank was the most phished brand in the UK during October 2007. The research was collected using Cloudmark’s user base, which consists of 260 million mailboxes. Cloudmark’s research also indicates that across Europe, the majority of unique phishing websites are created using the top level domain associated with the United Kingdom, .uk.

Read more

If you enjoyed this post, make sure you subscribe to my RSS feed!