PayPal, Wells Fargo Among Most-Spoofed Sites During Holidays

PayPal and Wells Fargo topped the list of spoofed e-commerce sites used in phishing campaigns over the holidays.

Thousands of phishing emails attempted to trick users into giving up their account credentials by sending victims to spoofed Web pages. In a phishing analysis conducted by security vendor Trend Micro, attackers set up more than 17,500 phony PayPal sites.

Security experts say social engineering and phishing campaigns designed to steal account credentials are at the heart of most data security breaches. Banks or well-known credit card companies made up the bulk of the spoofed sites over the holidays, according to the Trend Micro analysis.

[Related: Go Phishing: Rapid7 Lets Companies Test Their Own Networks ]

id
unit-1659132512259
type
Sponsored post

Phishing campaigns historically fluctuate throughout the year and commonly increase during the holiday season, according to Claudio Guarnieri, a security researcher at Boston-based vulnerability management vendor Rapid7.

"This is always the easiest period of the year for these kinds of attacks to be successful," Guarnieri said. "It's something that seems to have always existed."

Some attacks are designed to collect banking credentials and credit card data and don't typically need an automated attack toolkit for the malware to be successfully pulled off, Guarnieri said. Other social engineering attacks force victims to malicious Web pages, where attackers scan a victim's machine for vulnerable software and upload malware, connecting the victim's machine to a botnet.

Trend said some of the pages contained the Trojan Qhost.EQ, spyware designed to steal data from victim’s machines. Qhost, which surfaced in 2006, can also hijack the browser, redirecting visitors from banks and e-commerce sites to fake Web pages in an attempt to steal more sensitive data. The company detected victims of the attacks in Taiwan, Thailand and the United States.

Visa, Citibank and Bank of America also topped the list of spoofed sites. Popular webmail services AOL, Yahoo and Gmail were also highly used in phishing campaigns.

Trend Micro also detected the sites serving up victims with the Cridex worm, which opens a back door and downloads data-stealing malware onto the victim’s machine. Cridex is similar to the Zeus banking malware. It spreads via the Black Hole attack toolkit.

NEXT: Mobile Devices Not Immune To Holiday Attacks

Mobile devices were not immune to the holiday attacks, wrote Paul Pajares, a Trend Micro fraud expert, in a blog post explaining the analysis. Pajares said Trend detected a spoofed PayPal Mobile site, which can be very convincing to the device user. "Because mobile users will typically not see the whole URL, users may readily think that they visited the legitimate website," Pajares wrote.

Attackers used the Zeus Trojan to spoof several top U.S. banks in early December. Researchers at Dell-SecureWorks detected the Zeus gang using the Cutwail Botnet to send out millions of spam messages. The messages attempt to trick the victim by urging them to open an attachment to register to accept secure messages from their bank. The attachment opens up a downloader that downloads the Zeus banking Trojan. Zeus is a malware family that has plagued the financial industry for years.

PUBLISHED JAN. 3, 2013