Phishing For Bank Info Without Any Pesky Malware
Emb3rz writes "DarkReading.com brings us news of a new approach to phishing that targets online banking sites. Here's the novel part of it: it doesn't involve any of the typical attack vectors we all know and love. Instead, it uses JavaScript from a remote page to detect if you have a banking site open, and prompts you for info via popup if you do."
Are you kidding? Internet security clowns have a very limited imagination. They go nuts on securing one aspect beyond usability while completely ignoring other areas.
Here in NZ there is a problem with ATM machine skimmers. Criminals equip the ATM machine with a camera and a fake card reader and collect card and PIN codes from unsuspecting users, after which they raid their bank accounts.
So everyone is worried about this now. Yet, the most popular form of electronic payment in shops in NZ is the use of a bank card combined with a PIN code (EFT Pos).
I use it all the time to the point that I rarely see cash. Yet, it only takes a single merchant borrowing a mobile EFTPos installation to skim as many cards as he wants.
Simple. Grab a card reader, fake entry terminal and a simple microprocessor and sell some stuff cheap so you get many customers. Add a simple bit of programming. The client payment experience is the same on the fake payment system and they won't pay any attention. After all they are not pulling cash out of a machine but are excited making a payment for a deal too good to be true. No need to suspect anything, after all they walk away with the goods. You collect the card data and PIN code and make the same transaction later. Now you either sell on the card data or use it to make small payments or large payments as long as you can get away with it.
Unlike ATM machines, equipment for electronic bank transactions in shops is completely in the hands of the vendor and totally open to abuse. Yet nobody worries about it because it has not happened or had not been detected to the extent that the media jump on it.
And don't get me started on credit cards.
Also like a handgun, most tools don't care who is issuing the instructions - they just do it. That tablesaw doesn't care if it's a 2x4 or your forearm, it saws anyways.
Most table saws anyway.
http://www.youtube.com/watch?v=CorOfxWfTU8
Oh Crap, I'm an optimist.....