PayPal and Wells Fargo topped the list of spoofed e-commerce sites used in phishing campaigns over the holidays.
Thousands of phishing emails attempted to trick users into giving up their account credentials by sending victims to spoofed Web pages. In a phishing analysis conducted by security vendor Trend Micro, attackers set up more than 17,500 phony PayPal sites.
Security experts say social engineering and phishing campaigns designed to steal account credentials are at the heart of most data security breaches. Banks or well-known credit card companies made up the bulk of the spoofed sites over the holidays, according to the Trend Micro analysis.
Phishing campaigns historically fluctuate throughout the year and commonly increase during the holiday season, according to Claudio Guarnieri, a security researcher at Boston-based vulnerability management vendor Rapid7.
"This is always the easiest period of the year for these kinds of attacks to be successful," Guarnieri said. "It's something that seems to have always existed."
Some attacks are designed to collect banking credentials and credit card data and typically don't need an automated attack toolkit to be pulled off successfully, Guarnieri said. Other social engineering attacks force victims to malicious Web pages, where attackers scan a victim's machine for vulnerable software and upload malware, connecting the victim's machine to a botnet.
Trend said some of the pages contained the Trojan Qhost.EQ, spyware designed to steal data from victims' machines. Qhost, which surfaced in 2006, can also hijack the browser, redirecting visitors from banks and e-commerce sites to fake Web pages in an attempt to steal more sensitive data. The company detected victims of the attacks in Taiwan, Thailand and the United States.
Visa, Citibank and Bank of America also topped the list of spoofed sites. Popular webmail services AOL, Yahoo and Gmail were also highly used in phishing campaigns.
Trend Micro also detected the sites serving victims the Cridex worm, which opens a back door and downloads data-stealing malware onto the victim's machine. Cridex is similar to the Zeus banking malware. It spreads via the Black Hole attack toolkit.