SurfControl, plc (LSE: SRF), the global leader in Internet content protection, today said that its Global Threat Experts have identified a phishing scam with a unique twist -- rather than phishers attempting to redirect recipients to fraudulent Web sites which harvest passwords and account information, this phish, targeting the Chase Bank customers, uses only a telephone number as a method of contact.
wish to irrationally alarm recipients into providing sensitive information without thinking clearly about the repercussions.
EarthLink, one of the nation's largest Internet service providers, today launched TotalAccess(R) 2005 for Macintosh and announced that it has become the first major ISP to provide both a phisher site blocking application, ScamBlocker, and real-time RSS feed, free-of-charge, to Macintosh users.
The information collected by the phishers is often used to conduct traditional fraud.
EarthLink is also working closely with eBay(R), the World's Online Marketplace(R), and Brightmail, the anti-spam market leader(TM), to identify and block other known phisher
This way, a phisher can infect dozens, hundreds, or even thousands of websites at one time.
In May of 2005, EarthLink's abuse team began identifying phisher site e-mails on its network that used a variety of methods including fake "greeting card" e-mails, bogus prize-winning announcements and account cancellation messages to trick consumers into providing credit card numbers and other personal information.
This APWG advisory explains the most important incident response measures that can be taken to remediate website hacking by phishers in the areas of identification, notification, containment, recovery, restoration, and follow-up when an attack is suspected or confirmed.
This online resource builds on the ISP's phisher-blocking technology and provides information to understand and identify phisher
The longer a phishing site remains online, the more identities and money the phisher is able to steal from unsuspecting victims," said Mr.
Our security analysts immediately began investigating the malicious email being sent to the bank's customers, and after decoding the email found that the phisher was using various types of redirect methods to obscure the true phishing site.
This e-mail can also be easily copied by the phisher
Laura Mather, Senior Scientist at MarkMonitor and Managing Director of Operational Policy for APWG said, "We are seeing executives of companies receiving specially targeted emails that attempt to do two things: 1) Install malware to give the phisher access to the corporations' systems and 2) Gain access to the corporations' bank accounts.
demonstrates that all one-time password systems, such as time synchronous tokens, can be easily compromised by man in the middle phishing attacks -- which require very little technical sophistication on the part of the phisher
The web-site they are directed to does not belong to the bank, but has been set up by the phisher to look exactly like the bank's real web-site.