Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CERT Says Phishers Get Craftier

US-CERT yesterday warned enterprises and consumers to be on their guard against increasingly sophisticated phishing attacks, prompting a call for banks to lock down their storage systems. (See Time For ID Lockdown.)

The attacks, which use bogus emails to lure unsuspecting users to fraudulent Websites, are becoming ever more complex, according to Jason Milletary, a security expert at CERT. In a statement, Milletary warns of an increase in attack diversity and technical sophistication by the people conducting phishing and online financial fraud.”

CERT also warned that phishers are using more malicious code to target users’ account information. “Just as with real fishermen, phishers today have a large tackle box of tools available to them,” Milletary says.

Vit Kantor, vice president of consulting firm Spectrum Systems, which works with a number of banks on security issues, warned that the financial sector has got a real fight on its hands. “It’s becoming more and more difficult to discover that something unsavory is going on behind the scenes.” As well as making their fake Websites more realistic, Kantor adds that phishers are getting better at redirecting Web browsers to their bogus sites.

But the exec believes that banks need to do some serious thinking about the impact of say, stolen passwords, on their back-end storage systems. “It’s absolutely crucial,” he says. “There should be risk management policies in place that address the entire infrastructure, not just user authentication.”

  • 1