Home / RSA uncovers stealth attack

RSA uncovers stealth attack

Fraudsters are taking advantage of a new phishing kit, which is being sold and used online, that allows them to use content from legitimate web sites to dupe victims.

Fraudsters are taking advantage of a new phishing kit, which is being sold and used online, that allows them to use content from legitimate web sites to dupe victims.

Information security firm RSA is warning of the ‘Universal Man-in-the-Middle' kit, which allows phishers to launch sophisticated attacks against global organisations by interacting content from their own web sites with a fraudulent URL.

Using the kit, the fraudster creates a fake URL which then communicates on a real-time basis with the legitimate web site of the target organisation. The victim receives a standard phishing e-mail, which directs them via a link onto the fraudulent URL. He then interacts with the genuine content from the legitimate web site - which has been imported by the attack into the phishing URL - giving the fraudster access to his personal information.

"As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets," said Andrew Moloney, EMEA director of financial services markets at RSA. "While these attacks are still considered ‘next generation', we expect them to become more widespread over the course of the next 12 to 18 months."