Monday, May 16, 2005

Phishing With Stolen Data

This morning, Rob Hyndman (robhyndman.com - Phishing With Stolen Data) pointed me to an article about a new, more sneaky and sohisticated kind of phishing attack. According to CNet:

New phishing attack uses real ID hooks | CNET News.com:

"Workers at hosted security services company Cyota are sharing the details of this more sophisticated form of phishing threat, which forsakes the mass-targeting approach traditionally used in the fraud schemes in favor of taking aim at individual consumers. The security company would not disclose the names of the banks involved in the attacks, but said that its list includes some of the largest financial-services companies in the nation.

According to Cyota, the phishing e-mails arrive at bank customers' in-boxes featuring accurate account information, including the customer's name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification...."

Scary stuff.

No comments: