28 April 2017
Visit EBAday.com

Crooks dupe fellow cons into doing their phishing for them

23 July 2010  |  7371 views  |  0 ID Fraud

A pair of cybercrooks have posted a phishing kit on hacker forums that lets them steal the data gleaned by those who download and use it, says security outfit Imperva.

Imperva says the phishing kit helps crooks set up fake sites purporting to belong to organisations such as banks to dupe personal and financial data from victims.

However, unknown to these hackers, the creators of the kit use a built in back door to harvest all the credentials. While the proxy crooks may find some success before their phishing sites are closed down, the masterminds gets everything without needing to conduct an open campaign.

The cloud-based approach of the kit - developed in Algeria with Arabic tutorials but itself in English - makes it far harder to shut down than normal phishing scams, says Imperva.

In traditional schemes when you take down a server you affect not only the Web page but also the back end data collection capability. In the cloud version, data collection is hosted separately from the sites which means hackers only need to repost the front end in a new location to be back in business.
KeywordsPHISHING

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

PayPal tells users to download anti-phishing software

PayPal tells users to download anti-phishing software

09 March 2010  |  15472 views  |  4 comments
Phishers net EUR3m in carbon markets attack

Phishers net EUR3m in carbon markets attack

04 February 2010  |  6712 views  |  0 comments
Phishing bust sees 100 charged in US and Egypt

Phishing bust sees 100 charged in US and Egypt

08 October 2009  |  7207 views  |  0 comments
Banks face legal challenge to disclose phished account details

Banks face legal challenge to disclose phished account details

26 August 2009  |  4938 views  |  0 comments
CBA takes NetBank offline as phishing activity spikes

CBA takes NetBank offline as phishing activity spikes

29 June 2009  |  8929 views  |  0 comments
Phishing attacks surge in 2008

Phishing attacks surge in 2008

20 February 2009  |  12204 views  |  2 comments

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comvisit dh.comvisit vasco.com/news/PSD2-compliant-solutions

Top topics

Most viewed Most shared
Six global banks join Swift DLT trialsSix global banks join Swift DLT trials
7584 views comments | 15 tweets | 36 linkedin
BBVA steps up fintech acquisition strategy with purchase of OpenpayBBVA steps up fintech acquisition strategy...
6864 views comments | 17 tweets | 16 linkedin
Token raises $15.7 million as PSD2 approachesToken raises $15.7 million as PSD2 approac...
5869 views comments | 20 tweets | 20 linkedin
Should central banks open up payment and settlement systems to non-banks?Should central banks open up payment and s...
5736 views comments | 22 tweets | 21 linkedin
hands typing furiouslyMobile Technology, Its Importance, Present...
5544 views 0 | 2 tweets | 1 linkedin

Featured job

Six Figure Base + Commission + Stock Options
London

Find your next job