The RSA Anti-Fraud Command Center (AFCC) has issued a warning about a new phishing technique known as a Smart Redirection Attack. This newly-identified type of attack is designed to ensure potential phishing victims always link to a live website. So far there have been two separate attacks detected on two different banks – one based in the U.K. and the other in Canada.
For a Smart Redirection Attack, the fraudster creates a number of similar phishing websites based at different locations. All of the emails received by consumers contain links to web sites that direct the victim to an IP address that hosts the 'smart redirector'. When the potential victim clicks on the link, the 'redirector' checks all related phishing websites, identifies which sites are still live, and invisibly redirects the user to one of them.
The Thinking Behind the Scam
Fraudsters are aware that once a user identifies the site as fraudulent, he or she will report the site's address. Then there's a good chance that someone will shut it down. If the fraudster has used a single address for an entire batch of emails, the entire mailing list directed to that site would be wasted. However, sending the redirector address (hidden from the consumer) assures that the victim will always reach a live site.
Naftali Bennett, senior vice president at RSA Consumer Solutions, commented: "As anti-phishing vendors become more adept at shutting down phishing websites, inevitably the fraudsters are looking at ways to minimise the effect this has on their hit rates. Analysing which websites are still live – and seamlessly redirecting users to them – seems like a good way to raise the stakes.
“These phishing emails look no different than any other. All the action takes place behind the scenes, so as always users need to remain vigilant. Technology also plays a big part in preventing sophisticated attacks like these, and companies like RSA Security are constantly monitoring phishing attacks and the Internet as a whole, making them increasingly adept at closing fraudulent websites down – no matter how many the fraudster has created."
print
save
email
comment
Copyright @ 2004 Software & Support Media
Powered By Media Teknologi Informasi Corp.
Privacy PolicyTerms of Use
