12 December 2017
visit www.solutions.lexisnexis.com

Man-in-the-middle phishing kits for sale on the Web

11 January 2007  |  13488 views  |  0 ID Fraud

Security experts at RSA are warning that do-it-yourself man-in-the-middle phishing kits - which automatically create sophisticated phishing sites that circumvent two-factor authentication protection - are being sold by fraudsters on the Internet.

The vendor says its analysts researched and analysed a demo of the kit that was being offered as a free trial on an online forum.

The so-called "universal phishing kit" allows fraudsters to configure attacks for any target Web site without the need for customisation. RSA says once fraudsters acquire and operate this kit, an attack can be configured to "import" pages from any target Web site.

The kit creates a bogus URL that communicates with both the end user and a legitimate company Web site. Spam e-mail is used to dupe customers into entering account data at the fake site, which harvests account details and multi-factor authentication information. This data is then autmatically forward to the legitimate site to access accounts. Any data submitted to the site after the victim has logged into their account can also be stolen.

Marc Gaffan, director of marketing, consumer solutions at RSA, says: "As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets.

"While these types of attacks are still considered 'next generation,' we expect them to become more widespread over the course of the next 12-18 months."

Last year Citibank business customers were targeted by a man-in-the-middle phishing attack. The bogus site used in this scam was found to be operating out of Russia and was shut down.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

UK banks failing to report online fraud - report

UK banks failing to report online fraud - report

05 December 2006  |  7638 views  |  0 comments
Vanguard signs for RSA authentication technology

Vanguard signs for RSA authentication technology

28 July 2006  |  11825 views  |  0 comments
Man-in-the-middle attacks Citi authentication system

Man-in-the-middle attacks Citi authentication system

12 July 2006  |  19363 views  |  0 comments
EMC to acquire RSA Security for $2.1bn

EMC to acquire RSA Security for $2.1bn

30 June 2006  |  9671 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.solutions.lexisnexis.comvisit www.response.ncr.comvisit www.aciworldwide.com

Who is commenting?

Top topics

Most viewed Most shared
Revolut lets customers buy Bitcoin, Litecoin and EthereumRevolut lets customers buy Bitcoin, Liteco...
18630 views comments | 26 tweets | 22 linkedin
Saxo Bank's 'Outrageous Prediction': Bitcoin to peak at $60k next year before spectacular crashSaxo Bank's 'Outrageous Prediction': Bitco...
11556 views comments | 7 tweets | 7 linkedin
Deutsche Bank paper hails 'huge' blockchain potentialDeutsche Bank paper hails 'huge' blockchai...
8062 views comments | 15 tweets | 21 linkedin
Santander UK poaches Barclays innovation chief Michael HarteSantander UK poaches Barclays innovation c...
6843 views comments | 8 tweets | 17 linkedin
Alior Bank to use Open API platform and accelerator to create fintech marketplaceAlior Bank to use Open API platform and ac...
6195 views comments | 19 tweets | 10 linkedin

Featured job

Competitive base, commission, benefits
London, UK

Find your next job