New method of phishing observed
Trend Micro has identified a new phishing technique involving shopping websites that departs from the more orthodox method of wholesale copying of a genuine website. The new technique instead utilises many elements of the genuine website, before stealing the victim’s details at checkout.
A conventional phishing website often duplicates most of the content of a genuine site. Because many websites have a large number of pages, the attackers can make mistakes, which are often a warning sign to a user browsing the site. In the case of a shopping site, a user may browse the site, selecting items to put in a cart and then checking out. Creating a bogus site to do this requires considerable effort from would-be attackers.
The new technique still uses a fake site, but the fake site acts as a proxy for the real site. A user browsing on the fake site simply has their requests to view a page sent back to the real site, which then sends the reply back to the user.
When the shopper adds to their basket, they are actually adding items to a bogus basket set up by the cyber criminals. The attackers (in the observed case) have set up a fake page with products that are lower in price than the products on the genuine page. The attackers have then used SEO methods to ensure the fake product page shows up in search results.
The bogus basket is very similar to the genuine basket. When the user checks out, they are asked to enter standard information. The entire process is very realistic; shoppers could easily think that they have actually completed a transaction. Shoppers even receive an email on completion of the order. The reality is that the attackers have managed to extract a wealth of information from the shopper, including card details, email addresses and physical addresses.
The ways in which shoppers could be lured to the site are via search engines or via emails with a link to the malicious site. The post states that they “have only identified this attack targeting one specific online store in Japan.”
This type of attack is of concern; it takes less effort to set up than previous phishing websites, as the attackers only need to duplicate the checkout page. Trend Micro envisages that the simplicity of the attack could see it being adopted on a large scale.
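Because the fake site relays browsing to the real shop but keeps the basket and checkout for itself, the genuine shop can look for that pattern in its own access logs. The sketch below is an added example, not part of the original article or Trend Micro's post: it flags source addresses that view many product pages on behalf of several different browsers yet never reach the basket or checkout. It assumes the relay forwards each shopper's User-Agent header, and the paths /products/, /cart and /checkout are a hypothetical URL layout.

```python
import re
from collections import defaultdict

# Combined log format: ip, request line, status, size, referrer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Hypothetical URL layout of the genuine shop; adjust to the real site.
BROWSE_PREFIX = "/products/"
PURCHASE_PREFIXES = ("/cart", "/checkout")

def find_proxy_candidates(lines, min_views=4, min_agents=3):
    """Return source IPs that browse for many distinct browsers but never buy."""
    views, agents, purchases = defaultdict(int), defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        ip, path = m["ip"], m["path"]
        if path.startswith(PURCHASE_PREFIXES):
            purchases[ip] += 1
        elif path.startswith(BROWSE_PREFIX):
            views[ip] += 1
            agents[ip].add(m["ua"])
    # Shared NAT gateways also show many browsers, but their users do check out.
    # The result is a list of leads to investigate, not a verdict.
    return sorted(
        ip for ip in views
        if views[ip] >= min_views and len(agents[ip]) >= min_agents
        and purchases[ip] == 0
    )

def _line(ip, path, ua):
    """Build one constructed combined-format log line."""
    return f'{ip} - - [10/Oct/2023:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample traffic using documentation address ranges, not real logs.
UAS = ["Mozilla/5.0 Chrome/117", "Mozilla/5.0 Firefox/118", "Mozilla/5.0 Safari/605"]
SAMPLE_LOG = (
    [_line("203.0.113.7", f"/products/{i}", UAS[i % 3]) for i in range(5)]      # browse only
    + [_line("198.51.100.20", f"/products/{i}", UAS[i % 3]) for i in range(5)]  # shared NAT
    + [_line("198.51.100.20", "/checkout", UAS[0])]                              # that also buys
    + [_line("192.0.2.5", "/products/1", UAS[0]), _line("192.0.2.5", "/cart/add", UAS[0])]
)

if __name__ == "__main__":
    print(find_proxy_candidates(SAMPLE_LOG))
```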