Phishers Add New Techniques to Their Arsenal

How does a phishing scam work? The attacker, a.k.a. the phisher, creates a copy of a legitimate website and sends emails to certain victims asking them to visit the page. In comparison with the genuine website, the fake one actually requires private information such as credit card details or financial data that would allow phishers to steal money. However, according to recent reports, this is only an old phishing scam as today's attacks seem to be more advanced and tend to adopt more and new techniques.

TrendLabs informed yesterday that phishing attacks had revealed a new trend when it comes to this type of scams: phishers now rely on malware which is supposed to reach the victims' computers and steal the information by itself. What's the difference? Users are no longer asked to enter their details on a crafted website because the page only attempts to drop a malware to get the info. The entire process is made with the victim's approval as he is asked to download a file claiming to be a legitimate package.

The best example is brought by a recent attack over several banks which tried to push a web bank certificate on the victims' systems. The file was actually made up of some samples of malware which, according to TrendLabs, were detected as TSPY_PAPRAS.AC and TSPY_PAPRAS.AD.

"Traditional phishing involves phishers sending out email messages that lead users to a fake Web site resembling login pages of certain institutions or companies. This time they've made sure they can get sensitive user information even without getting users to log in to some fake page. They do this by planting a spy in users' systems so any relevant user action can be transmitted to a remote server. Unprotected users thus stand to lose sensitive information," TrendLabs explained.