A newly discovered category of fraud-based sites, which collect similar information to traditional phishing sites while promising victims a merchandise or a service, is “raising the stakes of internet scams”, recent monitoring has found.
According to web security firm Websense, there has been a dramatic recent rise in fraud-based websites phishing sites designed to trick users into submitting confidential information such as social security numbers and credit card information.
Established phishing scams use emails to lure internet users to counterfeit websites that have replicated the appearance of established institutions, such as banks or retailers, to gain the confidence of the user that the site is authentic.
However, the newest type of fraud-based websites discovered by Websense Security Labs appear to be legitimate, unique online ecommerce sites, veering away from the more common phishing practice of replicating the look of established institutions.
Found through email, webpage links or search engines, these fraud-based websites claim to offer bona fide products or services with the look and feel of a genuine online retailer. For example, users could be tricked to believe that they are purchasing office supplies, discounted prescriptions or applying for a loan from a legitimate outlet, so they offer up personal financial information on the fraudulent site. When they submit their order or application, that personal information is stolen.
Pharmacy, banks, mortgage and loan websites were found to be the most common scams, with most sites lasting an average of 8.5 days, which is longer than phishing sites.
Websense also said that it has evidence linking the fraud-based websites – most of which are hosted outside the USA – to high traffic spammer networks.
“The internet continues to evolve as an attack vector for hackers by employing tactics that trick both the casual and corporate web users into being victims of identity theft,” said Dan Hubbard, director of security and technology research for Websense.
“We predict this problem only to worsen as hackers become more advanced in their scams. New techniques to dupe users are being developed and the accuracy, creativity, and sophistication are rising. Proof that there is money to be made as duping unsuspecting users continues to grow.”