Phishers Taking A Multilingual Approach

By | April 26, 2006

RSA Security announced today that over the past six months it has seen considerable growth in the number of phishing attacks targeting financial institutions in non-English-speaking countries. Based on the data processed by RSA Security's Anti-Fraud Command Centre, the portion of attacks targeting such countries now represents almost 40 percent of worldwide phishing targets.

The primary phishing targets worldwide remain English-speaking countries such as the US and the UK, followed by Australia and Canada. The US, for example, sees over 50 percent of worldwide attacks. More recently, however, fraud specialists have noticed an increase in the number of attacks against European countries, including Spain, Germany and Italy, as well as the Netherlands, Scandinavia and France.

Emails are even sent in local dialects, such as Catalan in Northern Spain, with the fraudulent websites designed to effortlessly bypass local protection mechanisms such as a back-of-ATM-card matrix of random numbers, scratch cards with random access codes, or lists of one-time transaction access numbers held by the bank's customers.

RSA Security's fraud analysts have also detected postings in online fraudster communities suggesting that local crime rings that are familiar with the way local banks work in the various countries are requesting phishing attacks on European targets. In other words, there is a surge in demand for European banks' phished credentials.

Andrew Moloney, senior product manager at RSA Consumer Solutions, said: “Fraudsters are essentially crooked entrepreneurs; they are constantly looking for the greatest return for the smallest investment and financial institutions in relatively untapped markets with users unfamiliar with phishing attacks are an attractive target. Banks and customers who have been fortunate enough to avoid attracting the attention of the fraudsters so far now need to be on their guard and take preventative, proactive measures wherever possible. That means adopting a defence-in-depth strategy, whereby phishers are monitored and thwarted using shared intelligence networks and adaptive, risk-based authentication techniques.”
