Researchers alarm that, currently, Brazil is being targeted by a real-time phishing campaign. The technique is imitating a banking Trojan as it extracts valuable data from its victims but via interactive, live phishing attacks.
The IBM X-Force explains that the phishing scheme is carried out over a live web session between the target and the attacker. To mislead the users, it is even mimicking a targeted webpage`s look and feel instead of just an idle phishing page. In the web session, the crooks are trying to fool the victims by impersonating their bank and asking them to give up their account details. Then, the critical stolen data can be commercialized on underground forums.
“Most likely, the criminal will access the compromised account from the bank’s website to make a transaction in real time, all the while milking more authentication details from the unsuspecting victim.” – IBM X-Force blogged – “The emergence of this new method will likely contribute to rises in fraud in Brazil over the coming months.”
Usually, this kind of tactics include redirecting users to fake websites, emails impersonating a bank, deploying pharming attacks, inducing malicious proxy changes or launching fake windows or pictures on the victim’s desktop to steal access credentials, card data, personally identifiable information (PII) and account information. However, all of them have this one disadvantage and most banks need the users to provide personal info in real time before authentication.
“This usually foils fraud attacks.” – the researchers noted – “These details are called out-of-band authentication because they happen away from the user’s browser, via a smartphone, card reader or numeric code chart.”
The interactive phishing attack takes place over a real-time web session, which uses numerous changing screens and messages, controlled by the attacker from a remote server, to deceive the victim. It is also able to give its launcher real-time access to a time-based code issued by the bank for a given transaction.
“Using this type of interactive attack, criminals can better impersonate the victim’s trusted bank or service provider.” – IBM explained- “Furthermore, with information being delivered from the victim according to the attacker’s request in real time, the chances of success are much higher.”
This interactive Man-in-the-Middle (MitM) phishing scheme is very advanced and makes the attack way more believable due to the real-time session. Also, the platform, which the crooks use to launch the attack, is available on the Dark Web for purchase.
“The commercialization factor amplifies the prevalence and risk of any online threat.” – added the researchers – “The same kit can be adapted to target any bank in any country. Service providers must acknowledge this risk and mitigate it ahead of time.”
