We are no strangers to phishing emails. They continue to bombard our inboxes with the intention of stealing our precious personal information. In the fight against spammers and cyber criminals, it is important for all of us to stay on top of the latest schemes and tactics used by these individuals or organisations throughout the world. The RSA, a security division providing technology solutions for IT issues, have recently conducted research into a new breed of phishing attack – “Bouncer Phishing”.
Research by the RSA has shown that phishing scams were 59% higher in 2012 than the previous year, costing the global economy over $1.5billion in fraud damages. Phishing kits are becoming ever more common, a collection of preassembled tools that make it easy for those with little technical skill to send out phishing emails. They typically include website development software, spamming software and some include compiled data lists. With phishing kits increasing in complexity at a technical level, the RSA reported that kit included plug-ins for credential validation and the use of web analytical tools, aiding in creating counterfeit websites.
Appropriately named “Bouncer Phishing”, the phishing technique targets only those on a specific list with an ‘if you’re not on the list, you’re not coming in’ attitude. Targeting an average of 3000 users at a time, a unique ID number is generated for each recipient; this is used to send a unique URL to each individual on the list. If you’re not on the list, you get bounced and redirected to a “404-page not found” message, remaining safe from the attack. This opposes the traditional form of phishing, which involve attaching malicious viruses in attachments and casting the net over a large list of targets for the hope that they will catch a bite. A report by Trend Micro Security revealed that 94% of targeted emails use malicious file attachments.
This, however is a much more personal attack, stopping uncontrolled access to the attack website allowing them to target specific individuals. This is through information collected about the recipients that are common among the list. “Spear Phishing”, using information about the intended target to create a more personal email, also creates a stronger image of legitimacy by mentioning their name, rank or position etc.
As previously outlined, the complexity of current phishing kits allows users to exploit vulnerabilities in website plug-ins to highjack the website. For validated users (those assigned a unique ID), information on the target is used to entice the individual to a website. The kit generates an attack page on the exact highjacked website meaning that targets remain unsuspected. Malicious code that is programmed to copy temporary files and folders is used and then forwards the user to other webpages that may steal sensitive and personal information e.g. credit card information.
But what is the purpose of this? Surely they’re limiting their potential for stealing personal information compared to traditional methods? This in an example of a move from quantity to quality. The use of personal details means phishers can gain the information they require from the targets they want. Exploiting vulnerabilities in existing websites and bouncing those without a Unique ID restricts email forwarding and moves away from the mass email tactic – reducing exposure to security experts. Web analytic tools also aid in measuring the success of the attack.
We cannot deny that phishing emails are here to stay for the foreseeable future, especially with the increase in availability for complex phishing tools that allow a more organised and efficient email campaign. The move from quantity to quality ensures they can get a much higher hit rate whilst keeping security experts at bay. We always recommend that users of email clients exercise caution with unknown incoming emails, regardless whether you use Outlook, Hotmail or Gmail, or you are using a personal or organisational email account.