New Phishing Trend Revealed by Cyota - Fraudsters Becoming More

Cyota has revealed a new trend in the rapidly growing email fraud arena. Cyotas Anti-Fraud Command Center has identified that sophisticated fraudsters have begun to launch attacks and host identical spoofed sites from multiple locations simultaneously.This method makes it much harder for banks and law enforcement agencies to track down the location of the spoofed sites, as well as harder and longer to shut down the fake sites - thus increasing the banks and its accountholders potential losses from the attack. As part of Cyotas 24x7 Anti-Fraud Command Center services, it constantly monitors and analyzes fraudulent emails and other types of fraud. The Center currently works with some of the worlds largest banks and issuers, some of which have already experienced the multiple site trend first hand. In the past months Cyotas fraud specialists have seen that not only is phishing growing at a staggering rate, but email fraud attacks continue to evolve and increase in size and sophistication as well. Up until recently each phishing attack has been hosted and launched from one location. Typically it takes banks several hours up to several days to become aware of an attack that has been launched. Once the financial institution is aware of the attack it contacts the law enforcement agencies, and together, they track down and locate the source of the attack, and shut down the spoofed website as soon as possible. Recently, fraudsters have begun setting up multiple identical spoofed websites simultaneously hosted at different locations. This trend comes on the heels of another recent trend where fraudsters have migrated from hosting the spoofed sites in western countries like the US and UK to remote locations such as Taiwan and Eastern Europe. Now financial institutions need to be ready and equipped to deal with the task of locating and shutting down multiple sites that are hosted in a number of locations. Doing so for several sites simultaneously requires preparation and training at the banks, and other institutions, in order to respond in a fast, effective manner. Additionally, in the past, spoofed sites were usually located at a constant address, at a commercial ISP or part of a free web hosting site, which pose as clear targets for shutting down the sites. Now, with computer hijacking, which is becoming more frequent, the multiple sites can be located either on home users computers or commercial websites, without the users knowledge.