As phishing evolves, criminals switch to malware

Attacks that install malicious software are easier to launch than they've ever been and are clearly on the rise.

The scammers began to see serious problems with their phishing scams sometime around April.

That's when they started realizing that more and more of their phoney "phishing" e-mails were being blocked. Security researchers had spent the previous year closely studying botnet networks of infected computers and they were getting pretty good at blocking many of the fraudulent e-mail messages that were being sent from these systems.

This was creating a problem for phishers -- online fraudsters who set up fake Web sites and try to trick victims into visiting them and giving up their user names and passwords. With fewer of their messages getting through, they had to send out more and more spam to work their scams.

By August phishing gangs homed in on a new way to make a buck.

Instead of asking people to visit a fake Web site, more and more phishers began asking victims to install browser plug-ins or other types of software. To pull this off, they'd send e-mail that comes with malicious software that's supposed to be a security update from a bank. Sometimes they'd simply purchase time on infected botnet computers and install code that steals banking credentials from machines that had already been hacked.

Attacks that install malicious software are easier to launch than they've ever been and are clearly on the rise, said Mickey Boodaei, CEO of Trusteer, a security company that makes desktop security software used by banks. "We're seeing a clear shift from phishing attacks."

Not that anyone thinks that phishing is going away. Attack numbers are still steadily climbing, but e-mail that includes phishing scams has tripled in the past year as phishers have become more technically sophisticated with their attacks, said Dave Jevans, chairman of the Anti-Phishing Working Group. "These are not things that just steal your passwords," he said. "These add you to botnets."

Some of this malware is pretty nasty. The phishers take advantage of their knowledge of banking Web sites to build custom code that runs inside the browser, silently stealing your online credentials, Boodai said. "They're trying to inject HTML pages into sessions with these banks to steal information," he said.

Earlier this month, Trusteer introduced a search tool so that banks and Web site operators can search through this malicious code to see if their domains are being targeted in these attacks.

Major financial brands such as Lloyds, Citibank, PayPal and Bank of America still account for the majority of phishing attacks, but phishers have been steering toward smaller financial institutions whose users may not be as prepared for a fake e-mail. They've also been going after victims outside the U.S. "With the European banks, it's been the worst year they've ever had," Jevans said.

And phishers aren't stopping at malware. They are constantly looking for new areas to hit.

In the past two months Jevans has also seen phishers spoof companies like FedEx and United Parcel Service with attacks that are designed to install malicious software on computers. And, in a worrying development, phishers have also targeted domain name registrars, hoping to steal credentials that could allow them to redirect entire Internet domains to their malicious servers.

Some security experts believe that such a phishing attack may have given criminals access to the CheckFree online payment service's Internet domain earlier this month. In that incident, which came about a month after customers of domain name registrars were hit by phishers, CheckFree customers were redirected to a Web site that tried to install malicious software.

Social-networking sites were also a prime target several months ago, although those attacks have dropped "dramatically," as Web sites responded to the problem, according to John Scarrow, general manager of safety services at Microsoft. "There's really an ebb and flow," to the attacks, he said.

Though the move toward malware has made phishing more complicated for some, there are plenty of newcomers too, according to Don Jackson, director of threat intelligence with SecureWorks. "There's no shortage of education, support, and helping each other in terms of setting up the scams."

Take Mr. Brain. Believed to be a Moroccan hacker, he develops free phishing kits for newbies so they can quickly get into the business. By all accounts, he does a great job, building slick phishing kits for banks that haven't yet been attacked. "He's the premier provider of these free phishing kits," Jackson said. "They're free and they're actually fairly accessible."

While his phishing kits are free, unbeknownst to the amateur criminals who download them, they come with a catch. All of the phishing data logged by these fake Web sites is automatically sent to Mr. Brain too. So the greenhorn phishers end up getting phished themselves.

But that doesn't stop them. The profits are too good, and because phishers can hit victims in faraway countries, many of them operate as if they are outside of the law. And with phishing toolkits and buyers for the stolen credentials easy to find, phishing continues to draw a new generation of criminals.

For them, phishing is easier than ever before, said Sean Brady, senior manager with RSA Security. "If I could call it anything, I'd call it a commodity crime."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags malwarephishing

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?