Arms Race?
As with anything else, the bad guys react to whatever we do to keep them from succeeding. One of the things we told our users was to ignore alert messages that appear to come from their bank (or from any bank they are not a customer of) and claim that their account has been abused. It seems that advice is finally having its effect, as the phishers are changing tactics.
These kinds of arms races require us to raise awareness constantly and to keep making users more resilient. If we fail at this, our users and customers will fall prey, and in the end we will have failed them.
Example of one of these new phishing attempts
From: Chase Manhattan Bank
It was formatted much more fancily in HTML, but I chose not to show that here.
Of course the link in there doesn't go to anything owned by JPMorgan Chase & Co.
Now let's have a look at that website collecting so-called "non-sensitive and anonymous" information.
It starts out all rather innocent
but then it goes on to ask you for more details, details that are far from non-sensitive and anonymous. But remember the psychology: the user has just answered a whopping 5 questions and is now going to get his 20 bucks. He'll even sell his mother for it, or at least tell them her name, along with what is going to cost him much more than the 20 bucks he'll never get.
The details they want to know:
New tactic: better servers
Unfortunately they are also getting better on the technology side:
chaseonline.new-reward-survey.us. 600 IN CNAME premium.geo.yahoo.akadns.net.
The not so good news goes on:
Worst of all, the responses you receive when reporting these things to the abuse contacts of some service providers are so far below par that getting this shut down in a hurry isn't likely. I hope the banks have a bit more pull than this handler.
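An added example, not part of the original diary: a small triage script that parses dig-style answer lines such as the CNAME record above, flags names carrying a brand token outside the brand's own domains, and lists the domains whose operators an abuse report should go to. The brand domains, the tokens and every sample line except the first are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the diary): the brand's own domains and the tokens to watch for.
BRAND_DOMAINS = {"chase.com", "jpmorganchase.com"}
BRAND_TOKENS = ("chase", "jpmorgan")

# Constructed sample in dig answer format; only the first line is the record quoted above.
SAMPLE_ANSWERS = """\
chaseonline.new-reward-survey.us. 600 IN CNAME premium.geo.yahoo.akadns.net.
www.chase.com. 300 IN A 192.0.2.10
mail.example.org. 3600 IN CNAME mx.example.net.
"""


def registrable(name):
    """Naive registrable domain: the last two labels (no public suffix list)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_answers(text):
    """Yield (owner, rtype, rdata) for each 'name ttl IN type rdata' line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[1].isdigit() and parts[2].upper() == "IN":
            yield parts[0], parts[3].upper(), " ".join(parts[4:])


def is_lookalike(owner):
    """True when a label piece starts with a brand token outside the brand's domains."""
    host = owner.rstrip(".").lower()
    pieces = re.split(r"[.-]", host)
    hit = any(p.startswith(t) for p in pieces for t in BRAND_TOKENS)
    return hit and registrable(host) not in BRAND_DOMAINS


def triage(text):
    """Return one finding per lookalike name, with the domains to direct reports at."""
    findings = []
    for owner, rtype, rdata in parse_answers(text):
        if not is_lookalike(owner):
            continue
        report_to = [registrable(owner)]          # the lookalike domain itself
        if rtype == "CNAME" and registrable(rdata) != registrable(owner):
            report_to.append(registrable(rdata))  # infrastructure the name aliases to
        findings.append({"name": owner.rstrip("."), "type": rtype, "report_to": report_to})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ANSWERS):
        print(finding)
```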
Yes I know that exposing this more publicly will increase the odds that other rivaling groups will start to use these techniques as well, but after having received half a dozen of these myself my guess is that they already know.
Swa Frantzen - Section 66
Mar 12th 2006