Cyberthieves Phishing for Cash

By Laura Spadanuta, Assistant Editor

CNN has an article detailing the tactics cyberthieves use to steal money from bank accounts. The tool of their trade is phishing: sending fraudulent e-mails to obtain sensitive information that can then be used to access bank accounts.

One example is an e-mail that appears to come legitimately from a bank, often carrying warnings about account security or messages about accounts being locked. The e-mail then asks the recipient to log in through a link in the message, and the false log-in site captures account information such as the account number and password.

The article highlights an even more complicated form of phishing: malware that facilitates hacking of server settings.

For example, a user types into his or her browser. But instead of the computer using the service provider's server, which would take the user to the real Bank of America server, the computer uses a bogus server run by phishers -- and that takes the user to a fake Bank of America server.

The phishers take the user's login information and empty the account.
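A defender can catch this kind of change by comparing the servers a machine is configured to use against the ones its provider actually issues. The Python sketch below is an added example, not part of the CNN article or this summary; it assumes the "server settings" in question are the DNS resolver entries in a resolv.conf-style file, and the addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: resolvers the service provider is expected to issue
# (documentation-range addresses, not real servers).
EXPECTED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}

# Constructed sample of a resolv.conf-style file after tampering.
SAMPLE_CONFIG = """\
# Generated by DHCP client
nameserver 192.0.2.53
nameserver 198.51.100.7   # not issued by the provider
nameserver 2001:DB8:0:0:0:0:0:53
search example.net
"""


def configured_resolvers(text):
    """Return the nameserver entries found in resolv.conf-style text, in order."""
    found = []
    for line in text.splitlines():
        # Drop comments ('#' or ';') and surrounding whitespace.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            address = fields[1].split("%", 1)[0]  # strip any IPv6 zone id
            try:
                found.append(ipaddress.ip_address(address))
            except ValueError:
                found.append(fields[1])  # keep malformed entries so they get reported
    return found


def unexpected_resolvers(text, expected):
    """Return configured resolvers that are not in the expected set."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [str(r) for r in configured_resolvers(text) if r not in allowed]


if __name__ == "__main__":
    for resolver in unexpected_resolvers(SAMPLE_CONFIG, EXPECTED_RESOLVERS):
        print("Unexpected resolver configured:", resolver)
```

Parsing the addresses before comparing them means an expected server written in a different but equivalent IPv6 form is not reported as a mismatch.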

An IBM Internet Security Systems X-Force survey shows that banking industry companies made up 19 of the 20 companies targeted by phishing in 2007.

The article advises that it might be worth keeping a paper trail of the bank account. It cites criminals in Brazil who have been able to wipe out entire accounts and leave no trail behind.
