The more advice for being careful online we get, the further fraudsters push things to try to outwit us poor, innocent Net users and get hold of our credit card and bank account numbers.
Security firm RSA have discovered a new ‘man-in-the-middle’ phishing kit that lets a third-party sit between the user and a legitimate business and capture personal information in real time.
Premise: Why break into increasingly secure systems when you can just get between the legitimate user and that system and nick their details?
Unlike the existing crop of phishing web sites that take a few graphics from the authentic site, but not much else, these attacks actually direct the user to a rogue web site but interacts with genuine content from the legitimate site. This puts the attacker ‘in the middle’ – hence the name – and easily able to get hold of the data.
Fortunately for those with a bit of web sense, it sounds as if these attacks still rely on the user clicking on a fraudulent link.
Related stories: McAfee offers advice for avoiding phishers and identity thieves