Phishing attacks act like crooked bouncers

18 January 2013

There's a phishing scam knocking around that behaves like a nightclub bouncer, according to reports. Does that mean it wears a black overcoat with a luminous yellow armband and barks at you to take your drinks back inside?

Either way, phishing attacks aimed at getting your personal information out of you were 59% higher in 2012 than in the previous year, and researchers reckon they are costing the global economy over $1.5bn in fraud damages.

And there's been a rise in the phishing scam that has been called “bouncer list phishing” because, ostensibly, it acts like “if your name is not on the list, you’re staying out,” according to Limor Kessem, cyber intelligence expert at RSA.

The bouncer phishing kit targets a list of email recipients: a user ID value is generated for each target, who is sent a unique URL for access to the attack. Any outsider attempting to access the phishing page is redirected to a 404 page.

“Unlike the usual IP-restricted entry that many older [phishing] kits used, this is a true – depending on how you look at it – black hat whitelist,” Kessem said.
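A check a site operator could run over their own access log for the gate described above, added here as an example and not taken from RSA or from the kit: it flags any path that answers 200 only to certain query strings and refuses everything else with a 404 or a redirect. The log lines, the path, the `id` parameter name and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed access-log lines (combined log format, documentation IP ranges).
# The path and the "id" parameter are assumptions, not values from the report.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Jan/2013:09:01:12 +0000] "GET /img/cache/login.php?id=a91f3c HTTP/1.1" 200 5120
198.51.100.9 - - [18/Jan/2013:09:04:40 +0000] "GET /img/cache/login.php?id=7be2d0 HTTP/1.1" 200 5120
203.0.113.20 - - [18/Jan/2013:09:06:02 +0000] "GET /img/cache/login.php HTTP/1.1" 404 210
203.0.113.21 - - [18/Jan/2013:09:07:15 +0000] "GET /img/cache/login.php?id=000000 HTTP/1.1" 404 210
198.51.100.33 - - [18/Jan/2013:09:09:51 +0000] "GET /img/cache/login.php?id=c4d871 HTTP/1.1" 200 5120
203.0.113.22 - - [18/Jan/2013:09:12:30 +0000] "GET /img/cache/login.php?id=test HTTP/1.1" 302 0
192.0.2.5 - - [18/Jan/2013:09:13:00 +0000] "GET /index.html HTTP/1.1" 200 900
192.0.2.6 - - [18/Jan/2013:09:13:05 +0000] "GET /missing.html HTTP/1.1" 404 210
192.0.2.6 - - [18/Jan/2013:09:14:05 +0000] "GET /search.php?q=shoes HTTP/1.1" 200 700
192.0.2.7 - - [18/Jan/2013:09:14:09 +0000] "GET /search.php?q=boots HTTP/1.1" 200 700
"""

# Captures the request target and the status code of one log line.
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

def find_gated_paths(log_text, min_served=3, min_denied=2):
    """Return paths served (200) for some query strings but refused
    (404 or 3xx) for others: the access pattern of a per-recipient gate."""
    served = defaultdict(set)   # path -> query strings answered with 200
    denied = defaultdict(set)   # path -> query strings answered with 404/3xx
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        target, status = m.groups()
        url = urlsplit(target)
        if status == "200" and url.query:
            served[url.path].add(url.query)
        elif status == "404" or status.startswith("3"):
            denied[url.path].add(url.query)
    return sorted(
        path for path in served
        if len(served[path]) >= min_served
        and len(denied[path] - served[path]) >= min_denied
    )

if __name__ == "__main__":
    for path in find_gated_paths(SAMPLE_LOG):
        print("possible gated page:", path)
```

A flagged path is a lead for review, not a verdict: legitimate pages that validate a token in the query string produce the same pattern.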

When victims access the link, their name has to be on the list and their “ID value is verified on-the-fly as soon as they attempt to browse to the URL.” The kit then generates an attack page for validated users, designed to steal their information.

“These kits, used to target corporate email recipients, can easily be used as part of spear phishing campaigns to gain a foothold for a looming APT-style attack,” wrote Kessem. “Unfortunately, it is entirely up to the webmasters to become more aware of security and ensure that their websites don’t get exploited.”
