Magazine article American Banker

A Phishing Complication: Using More Than One Site

Article excerpt

Security vendors are warning of a new type of phishing scam with a longer potential lifespan than the typical attack.

RSA Security Inc. of Bedford, Mass., said Wednesday that it spotted two attacks in recent weeks that used a redirection server to forward victims to one of a number of fake sites.

Phishing attacks try to lure people to fake Web sites, where they are asked to reveal personal information that can be used for identity theft.

Setting up multiple sites can complicate the efforts of banks and security vendors to stop an attack.

"Instead of whack-a-mole, you're whacking armies of moles," said Peter Cassidy, the secretary general of the Anti-Phishing Working Group, a trade group that monitors phishing trends.

"A redirect attack is another level of sophistication, higher than a regular phishing attack," he said.

The group has found that the average phishing site stays up for 5.3 days before banks and security firms can take it down.

Naftali Bennett, a senior vice president at RSA's Cyota Consumer Solutions unit, said that the two recent attacks, which his company is calling redirection attacks, used about five fake Web sites each. The servers frequently check each site to determine which are still active, and which have been taken down.

"As long as one of those five Web sites is still live, the entire population will be redirected to that sole survivor Web site," he said.

RSA can find, and shut down, a typical phishing site in about four to five hours, but he said it takes about 12 hours to find all the systems involved in a redirect attack and bring them down.

That's partly because many anti-phishing efforts are triggered when victims send banks the address of a fake site, he said; in a redirect attack, sending the address alone would not let banks find the main redirect server or other fake sites. …
