|March 22, 2004
New Phishing Trend Revealed by Cyota - Fraudsters Becoming More Sophisticated
|Cyota's Anti-Fraud Command Center exposes a new phishing method, which financial institutions are experiencing and need to prepare for: the use of multiple identical spoofed sites
|Cyota, the leading provider of anti-fraud and security solutions for financial institutions, recently revealed a new trend in the rapidly growing email fraud arena. Cyota's Anti-Fraud Command Center has identified that sophisticated fraudsters have begun to launch attacks and host identical spoofed sites from multiple locations simultaneously. This method makes it much harder for banks and law enforcement agencies to track down the location of the spoofed sites, as well as harder and longer to shut down the fake sites - thus increasing the bank's and its accountholders' potential losses from the attack.
As part of Cyota's 24x7 Anti-Fraud Command Center services, it constantly monitors and analyzes fraudulent emails and other types of fraud. The Center currently works with some of the world's largest banks and issuers, some of which have already experienced the multiple site trend first hand. In the past months Cyota's fraud specialists have seen that not only is phishing growing at a staggering rate, but email fraud attacks continue to evolve and increase in size and sophistication as well.
Up until recently each phishing attack has been hosted and launched from one location. Typically it takes banks several hours up to several days to become aware of an attack that has been launched. Once the financial institution is aware of the attack it contacts the law enforcement agencies, and together, they track down and locate the source of the attack, and shut down the spoofed website as soon as possible.
Recently, fraudsters have begun setting up multiple identical spoofed websites simultaneously hosted at different locations. This trend comes on the heels of another recent trend where fraudsters have migrated from hosting the spoofed sites in western countries like the US and UK to remote locations such as Taiwan and Eastern Europe. Now financial institutions need to be ready and equipped to deal with the task of locating and shutting down multiple sites that are hosted in a number of locations. Doing so for several sites simultaneously requires preparation and training at the banks, and other institutions, in order to respond in a fast, effective manner.
Additionally, in the past, spoofed sites were usually located at a constant address, at a commercial ISP or part of a free web-hosting site, which pose as clear targets for shutting down the sites. Now, with computer hijacking, which is becoming more frequent, the multiple sites can be located either on home users' computers or commercial websites, without the users' knowledge.
"Phishing, similar to additional fraud and identity theft crimes, is constantly changing and evolving," said Amir Orad, Cyota Vice President of Marketing and Business Development. "Cyota's Anti-Fraud Command Center continues to detect and monitor attacks as well as identify new trends. We believe that banks, whether they have experienced phishing first hand or not, must be pro-active and prepare themselves for phishing attacks. Financial institutions need to create internal procedures, and stay updated with recent trends in order to protect their accountholders' personal information and feeling of trust, the bank's brand, and the viability of the Internet as a legitimate channel."
About Cyota FraudAction(TM)
Cyota FraudAction is the first solution geared towards financial institution email fraud; the service assists banks to deal with an email fraud (phishing) attack before it takes place, during an attack and post attack. Cyota's FraudAction includes several modules such as the Real-time Detection and Alerts Module that is based on several technologies and mechanisms including gateways, mail filters, email decoys and more, a proprietary Risk Assessment Module, which provides the bank with crucial information and analysis about the attack, such as the severity and potential damage of the attack, and Cyota's unique, patent-pending Counter-measures designed to reduce the potential damages of the attack. Like many of Cyota's leading security and anti-fraud solutions, FraudAction is offered as an outsourced, managed modular service, which allows banks to minimize resource investments while deploying a system quickly.
Cyota is the leading provider of security and anti-fraud solutions for financial institutions. Cyota services multiple clients in North America, Europe and Asia-Pacific with anti-fraud and security systems currently available to over 350 million accountholders. Founded in 1999, Cyota is headquartered in New York with offices worldwide. Cyota is led by a respected management team with extensive experience in the security, Internet and banking industry. For more information please visit www.cyota.com