Social Engineering plays an extremely significant role in the success of phishing attacks. As more and more users become aware of the problem fraudsters need to find more creative ways of convincing users to surrender personal information to fraudulent websites.
It seems that most fraudsters have come to the conclusion that messages crafted to address security issues stand a better chance of attracting users’ attention and gaining their trust. These phishing emails usually call for immediate action and threaten users that their account will be blocked if they fail to take the required action.
Here are a few examples for security themed phishing emails:
Locked Account
These phishing emails claim that your account has been locked or limited for security reasons until you provide more information or prove your identity. Here are a couple of examples:
Example 1
Example 2
Unauthorized Transaction
These phishing emails claim that an unauthorized or suspicious transaction has taken place in your account and request you to provide identifiable information to view or cancel the transaction. Here are a couple of examples:
Example 1
Example 2
New Security Features
These phishing emails introduce a new security control from the bank and ask you to provide more information to enable this control. Here are a few examples:
Example 1
Example 2
With the last example that uses the Trusteer brand, if the user clicks on the link, the browser is directed to a phishing site that attempts to replicate the Trusteer website (below).
Here the user is asked to choose their bank’s name from a drop down list of prominent US, UK and Canadian financial institutions. If they click on one of these bank names, they are redirected to another website that resembles the website of the bank they have chosen. From this point forward, the attack becomes a traditional website phishing scheme where users are asked to enter their username, password, account information, etc. – which are sent to the fraudster’s command and control server.
It’s interesting that fraudsters believe that by using the Trusteer brand they are more likely to convince users to access phishing websites. The Trusteer brand would usually attract users who are familiar with Trusteer and possibly use Trusteer Rapport on their desktop and hence are protected against these phishing attacks.
Trusteer provides the following protection layers against phishing:
- Trusteer Rapport provides online banking password protection that warns users if they attempt to submit their credentials to a phishing site
- Trusteer Intelligence investigates suspected phishing sites and if a website is found to be malicious will alert its bank customers. Any Trusteer Rapport users who have submitted credentials to the website will be asked by the bank to change their username and password, and the website is black listed within Trusteer Rapport
- Banks subscribing to the Trusteer clientless phishing detection service are automatically notified when someone tries to log on with stolen credentials. This enables the bank to alert the victim, change their username and password, and takedown the malicious site
Leave a reply
