Content

Fraud-based phishing scams rocket

A newly discovered category of fraud-based sites, which collect similar information to traditional phishing sites while promising victims a merchandise or a service, is "raising the stakes of internet scams", recent monitoring has found.

According to web security firm Websense, there has been a dramatic recent rise in fraud-based websites phishing sites designed to trick users into submitting confidential information such as social security numbers and credit card information.

Established phishing scams use emails to lure internet users to counterfeit websites that have replicated the appearance of established institutions, such as banks or retailers, to gain the confidence of the user that the site is authentic.

However, the newest type of fraud-based websites discovered by Websense Security Labs appear to be legitimate, unique online ecommerce sites, veering away from the more common phishing practice of replicating the look of established institutions.

Found through email, webpage links or search engines, these fraud-based websites claim to offer bona fide products or services with the look and feel of a genuine online retailer. For example, users could be tricked to believe that they are purchasing office supplies, discounted prescriptions or applying for a loan from a legitimate outlet, so they offer up personal financial information on the fraudulent site. When they submit their order or application, that personal information is stolen.

Pharmacy, banks, mortgage and loan websites were found to be the most common scams, with most sites lasting an average of 8.5 days, which is longer than phishing sites.

Websense also said that it has evidence linking the fraud-based websites - most of which are hosted outside the USA - to high traffic spammer networks.

"The internet continues to evolve as an attack vector for hackers by employing tactics that trick both the casual and corporate web users into being victims of identity theft," said Dan Hubbard, director of security and technology research for Websense.

"We predict this problem only to worsen as hackers become more advanced in their scams. New techniques to dupe users are being developed and the accuracy, creativity, and sophistication are rising. Proof that there is money to be made as duping unsuspecting users continues to grow."

www.websensesecuritylabs.com

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.