18 January 2018
visit http://response.ncr.com

Phishers targeting phishers

25 January 2008  |  7854 views  |  0 ID Fraud

In a new twist, would-be fraudsters are being scammed by a gang offering free do-it-yourself phishing kits on the Internet, says e-security outfit Netcraft.

The kits are the work of a group of Moroccon fraudsters known as "Mr Brain", says Netcraft's Paul Mutton in a blog. Hidden code embedded in the kits sends any personal information stolen by would-be fraudsters back to Mr Brain.

The gang has launched a Web site offering kits for targets such as Bank of America, eBay, PayPal and HSBC. On offer to potential fraudsters are phishing site code, e-mail templates and other hacking tools. Mutton says the tools and code make it easy and quick for fraudsters to set up phishing sites with only a basic knowledge of PHP programming.

NetCraft says the gang's site claims the kits can be used to steal confidential data such as social security, credit card and PIN numbers. The gang claim the kits are undetectable by Mozilla, Opera and Internet Explorer browsers.

But, what the kits' users don't know is that hidden code sends the stolen details back to the Mr Brain group's e-mail accounts. Mr Brain disguises its e-mail address by exploiting the case-sensitivity in PHP variable names.

"Most fraudsters are unlikely to notice this level of obfuscation and will assume the script is working normally, as they will also receive a copy of any e-mails produced by the script," says Mutton in his blog.

"Such deception is a useful tactic for any fraudster who wishes to maximize the number of successful attacks, as the work of deploying the phishing sites and sending the mails is then carried out free of charge by novice fraudsters on behalf of the author," adds Mutton.

Earlier this month Mutton says he warned of a similar scam involving a kit that targets Bank of America customers.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Natwest most targeted by phishers

Natwest most targeted by phishers

23 January 2008  |  7913 views  |  0 comments
Dutch cops arrest 14 ABN Amro customers as phishing mules

Dutch cops arrest 14 ABN Amro customers as phishing mules

20 December 2007  |  8598 views  |  0 comments
US phishers targeting UK customers

US phishers targeting UK customers

18 October 2007  |  7673 views  |  0 comments
Phishers angling for fatter fish

Phishers angling for fatter fish

10 November 2006  |  8081 views  |  0 comments

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.fivedegrees.nlvisit www.ebaday.comvisit www.thomsonreuters.info

Top topics

Most viewed Most shared
Buffett rubbishes cryptocurrencies; South Korea preps exchange crackdownBuffett rubbishes cryptocurrencies; South...
11846 views comments | 16 tweets | 17 linkedin
Europe begins Open Banking era in subdued styleEurope begins Open Banking era in subdued...
10120 views comments | 32 tweets | 35 linkedin
Crypto mining threatened by power capacity concernsCrypto mining threatened by power capacity...
9826 views comments | 17 tweets | 18 linkedin
Exchanges call for global fintech standardsExchanges call for global fintech standard...
9520 views comments | 17 tweets | 14 linkedin
Wells Fargo to close 900 branchesWells Fargo to close 900 branches
9448 views comments | 14 tweets | 16 linkedin

Featured job

Find your next job