Authors of computer viruses and threats (including phishing scams) are looking for direct financial profit from cybercrime. For this reason, they are using more innovative and diversified techniques to, above all, steal users’ identities or obtain bank details to commit fraud.
In the first half of 2006, PandaLabs registered a 50 percent increase in identity theft and online fraud related activity. What’s more, it detected new tricks that used phishing techniques but with different methods than those traditionally used.
An example emerged in June with the use of MySpace, the wide social networking website. In this case, the attack came in the form of a link included in a message received via instant messaging. This link accessed a website that spoofed MySpace and requested the username and password. As the website was a phony, these details were stored, and the authors of the scam gained access to the user’s personal profile. Once they had discovered user’s personal details, they used them to steal the user’s identity and commit fraud, as if they were another person.
PandaLabs also recently detected a phishing scam that announced that the National Bank of Australia had gone bankrupt. It was sent via email and contained a link that accessed an official-looking page, which explained that the bank had gone bankrupt and that people were starting to panic, and advised clients to access their account to check that it was still active and in credit.
This link accessed a website that spoofed the identity of the bank and contained an exploit that ran the Haxdoor Trojan. This Trojan captured the user details for accessing the account, and from then on, the author was free to carry out transactions and similar operations.
After stealing users’ money, the phishers looked for victims to launder the money. They did this using false employment offers that promised significant income in a very short time. In most cases, these employment offers involved a large amount of money being paid into victims’ bank accounts, which they then had to transfer to accounts in other countries.
By doing this, without realising, the victim contributed to closing the cycle that the phisher had started when the first email was sent to obtain users’ personal details or banking details.
On other occasions, the data is sold on the “black market” so that others use them to commit fraud, generating a double income: the first from selling the data and the second from the money stolen from these accounts.