Monday, May 16, 2005

Rumor of Increased Sophistication in Phishing

Cyota, which is a security services company, is reporting a newer more "sophisticated" type of phishing attack. This attack uses stolen consumer data (identities) to obtain specific banking information, which in turn is used to steal the money of the victim. Cyota will not disclose the names of the banks, but intimated that they are some of the largest financial service providers in the country.

Fraud e-mails are being sent to targeted individuals (victims) that contain bank account numbers, personal identification numbers (PINS) and other personal security data. The victims are then solicited for whatever additional information is needed to steal their money.

In the recent past, we have seen large amounts of information stolen from data bases:

LexisNexis/Seisint (310,000 people)
DSW Shoe Warehouse (1.4 million people)
ChoicePoint Inc. (145,000 people)
Polo Ralph Lauren (180,000 people)

In the post preceding this, I told of a case where 9,000 people's identities were stolen from "Merlin Information Services". Merlin provides information to law enforcement and a wide range of investigative and collections personnel.

Recently, the latest threat in "Phishing" has been keyloggers. Phishing is becoming one of the most prevalent forms of on line fraud. Here is a previous post on them.

Note that if you search the internet, they are openly sold to spy on children, spouses and employees. You will also see a lot of "anti keylogger" ads selling you software to see if someone is spying on you. Sometimes, I am amazed at all the programs sold on the internet touting the ability to spy on people. Quite frankly, in the wrong hands, they can be dangerous.

Given these developments, a prudent person should verify all electronic and voice solicitations for information, even if it appears the person on the other end already has their "security information".

No comments: