If you are a Verizon Wireless customer, and you paid your bill online between May 7 and May 13, you may be at risk of identity theft. For that six-day stint, customers going to Verizon Wireless' website may have fallen prey to a clever and virtually undetectable scam. Anyone whose PC had already been infected by a specific "banking Trojan" would have been silently redirected to a fake Verizon Wireless page hosted on another website, which would have asked them to fill in essential personal information.
The Verizon Wireless site itself was not infected. The malware would simply have waited until the victim went to that site and tried to pay a bill. The data that each victim was "required" to provide included full name, phone number, country of citizenship, date of birth, Social Security number, mother's maiden name, credit card number, credit card expiration date and credit card security code. Among online criminals who specialize in credit-card and identity theft, that set of information is the "keys to the kingdom." The scam was discovered by the Israeli online-banking security firm Trusteer, which found it in a variant of the SpyEye banking Trojan.
SpyEye uses what expert call a "man-in-the-middle" attack. It silently plants itself in your browser, waiting until you go to a website that involves financial transactions, such as a banking site. It then redirects you to a Web page that looks identical to the page you expect to see, except that any info entered on the spoofed page goes straight into a cybercriminal's hands. Technews Daily
"While this attack is not technically new, it continues a financial malware trend we have been tracking in recent weeks: a shift away from stealing usernames and passwords to stealing payment and credit card data,"
No comments:
Post a Comment