Although a report by the Anti-Phishing Working Group (APWG) has shown a slight decrease in conventional Internet fraud attacks the research also highlighted a marked increase in crimeware: malicious software designed to steal identity information for financial crime.
Phishing, a term coined by hackers who aim to entice people to share passwords or credit card numbers, involves the creation of a replica of a legitimate web page, which is intended to fool a user into submitting personal, financial or password data.
Over recent years, companies associated with Internet payments and confidential personal data have battled hackers in an attempt to neutralize information fraud technologies. Recent victims of phishing include Charlotte’s Bank of America, Best Buy and eBay, where people were directed to web pages that looked nearly identical to the companies’ sites and duped into disclosing important personal information.
The new APWG report, however, declares the technological contest to be escalating to a new level. The group found that hackers are designing systems specifically to neutralize counter-phishing technologies.
Phishers have adopted ‘screenscraper’ technology in an attempt to counter the systems that some financial services firms are using to avoid the problems of keylogging Trojans that are used to mine the usernames and passwords directly from the keyboard entry of alphanumerics and symbols.
APWG analyst Dan Hubbard said, Crimeware continues to evolve as we have seen the deployment of advanced techniques to steal information. These Trojan horses are moving beyond keylogging to now capture screenshots to obtain end-user credentials.
The APWG reported that it received some 14,135 unique phishing reports in July, down from 15,050 in June. In July 2005, 71 brands were reported as being phished, down from a high of 107 different brands being phished in May 2005.