Online fraudsters are increasingly using sophisticated "screenscraper" software in their efforts to thwart bank anti-phishing technologies, according to the latest report from the Anti-Phishing Working Group (APWG).
APWG researchers are reporting a marked increase in phishers' use of screenscraper technology, which is designed to counter the graphical keyboard systems that some banks are using to protect against keylogging Trojans.
Earlier this year Citibank said it had added an on-screen keyboard to its Internet banking service in the UK in a bid to protect customers against fraudsters who use key-logging programs. The keyboard appears on screen when customers are asked to enter passwords or answers to security questions. South Africa's Standard Bank has also introduced a virtual PIN pad log-in system to counteract the threat from spyware.
But APWG says phishers are now using screenscraper technology to neutralise these programmes. In one example intercepted by the researchers, when the user mouse-clicks a character on the graphical keyboard, the screenscraper takes a snapshot of the screen and sends it to the phishers' server for inspection.
Dan Hubbard, senior director of security for Websense and APWG analyst, says crimeware continues to evolve and advanced techniques are now being used to steal information: "These Trojan horses are moving beyond keylogging to now capture screenshots to obtain end-user credentials."
The APWG says the growth in the use of ID theft crimeware is now eclipsing conventional phishing methods, which use spam e-mail to direct users to fake Web sites in order to deceive them into giving personal financial data, or spyware which records customers' logins and passwords.
The organisation received some 14,135 unique phishing reports in July, down slightly from 15,050 in June. In July 2005, 71 brands were reported as being phished, down from a high of 107 different brands being phished in May 2005.
But financial institutions were still the main target of phishing attacks and made up 86% of all phishing targets, down slightly from a recent high of 91%.
The APWG is also reporting an increase in the number of variants and new banking keyloggers in July. There were some 174 phishing-based Trojans detected in July, up from 154 in June.
Phishers were also found to be moving away from traditional marquee name banks last month and targeting a wider base of smaller financial institutions. Peter Cassidy, secretary general, APWG, says phishers have employed Internet marketing practices of list creation and affinity marketing to target and leverage the trust of small institutions.