Phishing attackers have long used e-mail as bait for victims. But a security software provider has identified a growing trend: fraudsters create fake retail sites, optimised for search engines, in the hope that victims will stumble upon them.

Most phishing attacks of the past 12 months involved sending e-mail that purports to come from a major company – usually a financial services firm, e-tailer or other service provider. Victims follow links in the e-mail to "re-confirm" their security details – and these details are quickly exploited for profit.

With the new scam, unwitting surfers arrive at a site by searching the internet for items they want to buy. The aim does not appear to be to take the value of any attempted purchase; instead, according to CyberGuard, clicking a product image downloads a Trojan to the user's PC.

The Trojans can then redirect links to legitimate financial institutions to fraudulent web sites, allowing the fraudsters to harvest the user's credentials – and attempt to empty their accounts.

"If it looks too good to be true," said Paul Henry, a senior vice president with CyberGuard, "it probably is. Don't let the Grinch steal your Christmas."

Taking down sites that are identified as fraudulent can be a slow process. However, another security firm, Cyota, claims that its FraudAction anti-phishing product has lowered the lifespan of a typical phishing site to five hours, compared to the industry average of 153 hours, or 6.4 days, reported by the Anti-Phishing Working Group. According to Cyota, one bank using FraudAction has cut its fraud losses by over 50% as a result.

Another firm has developed an internet browser that claims to detect phishing attacks and warns users once an attack is discovered. Deepnet Explorer says its product works by checking sites against its own blacklists and analysing whether visited sites conform to certain security standards.
