New Phishing Trend Revealed by Cyota - Fraudsters Becoming More Sophisticated.Business Editors/High-Tech Writers
NEW YORK--(BUSINESS WIRE)--March 22, 2004
Cyota's Anti-Fraud Command Center exposes a new phishing Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their ISP, bank or retail establishment. method, which financial institutions are experiencing and need to prepare for: the use of multiple identical spoofed sites
Cyota, the leading provider of anti-fraud and security solutions for financial institutions, recently revealed a new trend in the rapidly growing email fraud arena. Cyota's Anti-Fraud Command Center has identified that sophisticated fraudsters have begun to launch attacks and host identical spoofed sites from multiple locations simultaneously. This method makes it much harder for banks and law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). to track down the location of the spoofed sites, as well as harder and longer to shut down the fake sites - thus increasing the bank's and its accountholders' potential losses from the attack.
As part of Cyota's 24x7 Anti-Fraud Command Center services, it constantly monitors and analyzes fraudulent The description of a willful act commenced with the Specific Intent to deceive or cheat, in order to cause some financial detriment to another and to engender personal financial gain. emails and other types of fraud. The Center currently works with some of the world's largest banks and issuers, some of which have already experienced the multiple site trend first hand. In the past months Cyota's fraud specialists have seen that not only is phishing growing at a staggering rate, but email fraud attacks continue to evolve and increase in size and sophistication so·phis·ti·cate
v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates
1. To cause to become less natural, especially to make less naive and more worldly.
2. as well.
Up until recently each phishing attack has been hosted and launched from one location. Typically it takes banks several hours up to several days to become aware of an attack that has been launched. Once the financial institution is aware of the attack it contacts the law enforcement agencies, and together, they track down and locate the source of the attack, and shut down the spoofed website as soon as possible.
Recently, fraudsters have begun setting up multiple identical spoofed websites simultaneously hosted at different locations. This trend comes on the heels of another recent trend where fraudsters have migrated from hosting the spoofed sites in western countries like the US and UK to remote locations such as Taiwan Taiwan (tī`wän`), Portuguese Formosa, officially Republic of China, island nation (2005 est. pop. 22,894,000), 13,885 sq mi (35,961 sq km), in the Pacific Ocean, separated from the mainland of S China by the 100-mi-wide (161-km) Taiwan and Eastern Europe Eastern Europe
The countries of eastern Europe, especially those that were allied with the USSR in the Warsaw Pact, which was established in 1955 and dissolved in 1991. . Now financial institutions need to be ready and equipped to deal with the task of locating and shutting down multiple sites that are hosted in a number of locations. Doing so for several sites simultaneously requires preparation and training at the banks, and other institutions, in order to respond in a fast, effective manner.
Additionally, in the past, spoofed sites were usually located at a constant address, at a commercial ISP (1) See in-system programmable.
(2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. or part of a free web-hosting site, which pose as clear targets for shutting down the sites. Now, with computer hijacking hijacking
Crime of seizing possession or control of a vehicle from another by force or threat of force. Although by the late 20th century hijacking most frequently involved the seizure of an airplane and its forcible diversion to destinations chosen by the air pirates, when , which is becoming more frequent, the multiple sites can be located either on home users' computers or commercial websites, without the users' knowledge.
"Phishing, similar to additional fraud and identity theft crimes, is constantly changing and evolving," said Amir Orad, Cyota Vice President of Marketing and Business Development. "Cyota's Anti-Fraud Command Center continues to detect and monitor attacks as well as identify new trends. We believe that banks, whether they have experienced phishing first hand or not, must be pro-active pro·ac·tive or pro-ac·tive
Acting in advance to deal with an expected difficulty; anticipatory: proactive steps to prevent terrorism. and prepare themselves for phishing attacks. Financial institutions need to create internal procedures, and stay updated with recent trends in order to protect their accountholders' personal information and feeling of trust, the bank's brand, and the viability of the Internet Internet
Publicly accessible computer network connecting many smaller networks from around the world. It grew out of a U.S. Defense Department program called ARPANET (Advanced Research Projects Agency Network), established in 1969 with connections between computers at the as a legitimate channel."
About Cyota FraudAction(TM)
Cyota FraudAction is the first solution geared towards financial institution email fraud; the service assists banks to deal with an email fraud (phishing) attack before it takes place, during an attack and post attack. Cyota's FraudAction includes several modules such as the Real-time 1. real-time - Describes an application which requires a program to respond to stimuli within some small upper limit of response time (typically milli- or microseconds). Process control at a chemical plant is the classic example. Detection and Alerts Module that is based on several technologies and mechanisms including gateways, mail filters, email decoys and more, a proprietary Risk Assessment Module, which provides the bank with crucial information and analysis about the attack, such as the severity and potential damage of the attack, and Cyota's unique, patent-pending Counter-measures designed to reduce the potential damages of the attack. Like many of Cyota's leading security and anti-fraud solutions, FraudAction is offered as an outsourced, managed modular service, which allows banks to minimize resource investments while deploying a system quickly.
Cyota is the leading provider of security and anti-fraud solutions for financial institutions. Cyota services multiple clients in North America North America, third largest continent (1990 est. pop. 365,000,000), c.9,400,000 sq mi (24,346,000 sq km), the northern of the two continents of the Western Hemisphere. , Europe and Asia-Pacific with anti-fraud and security systems currently available to over 350 million accountholders. Founded in 1999, Cyota is headquartered in New York New York, state, United States
New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of with offices worldwide. Cyota is led by a respected management team with extensive experience in the security, Internet and banking industry. For more information please visit www.cyota.com