RSA uncovers stealth attack

Fraudsters are taking advantage of a new phishing kit, which is being sold and used online, that allows them to use content from legitimate web sites to dupe victims.

  • E-Mail
By  Administrator Published  January 25, 2007

Fraudsters are taking advantage of a new phishing kit, which is being sold and used online, that allows them to use content from legitimate web sites to dupe victims.

Information security firm RSA is warning of the ‘Universal Man-in-the-Middle' kit, which allows phishers to launch sophisticated attacks against global organisations by interacting content from their own web sites with a fraudulent URL.

Using the kit, the fraudster creates a fake URL which then communicates on a real-time basis with the legitimate web site of the target organisation. The victim receives a standard phishing e-mail, which directs them via a link onto the fraudulent URL. He then interacts with the genuine content from the legitimate web site - which has been imported by the attack into the phishing URL - giving the fraudster access to his personal information.

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Andrew Moloney, EMEA director of financial services markets at RSA. "While these attacks are still considered ‘next generation', we expect them to become more widespread over the course of the next 12 to 18 months."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code