01:19 PM
Connect Directly

MasterCard Shuts Down 1,400 Phishing Sites

But the number of phishing sites continued to grow by 26% per month between July and February.

MasterCard International Inc. said Tuesday that it has shut down nearly 1,400 phishing sites and more than 750 sites suspected of selling illegal credit-card information since launching an ID-theft-prevention program in June. The program also has led to the discovery and protection of more than 35,000 MasterCard account numbers that were in jeopardy of being compromised.

Under the program, called Stop It, MasterCard is collaborating with digital-asset-protection company NameProtect Inc. to detect online scams in real time as they proliferate across the Internet. NameProtect employs Internet detection technology and systems to continuously monitor domain names, Web pages, online discussions, spam E-mail, and other online formats to identify online trading rings, phishing attacks, and other forms of fraud the moment each attack is launched online.

NameProtect provides real-time exclusive reports to MasterCard. MasterCard, in turn, reports illegal Web sites and other illegal online forums to law enforcement and alerts financial-services institutions.

The number of phishing sites grew by an average of 26% per month between July and February, reaching 2,625, according to the Anti-Phishing Working Group. The average lifetime for a phishing site was 5.7 days in February, but some stayed in operation as long as 30 days.

Last week, MasterCard succeeded in shutting down a phishing site within 15 minutes, says Sergio Pinon, senior VP of security and risk services. Typically, ID-theft rings will move their operations to other Internet service providers but give up after they've been shut down two or three times, Pinon says.

The rapid response to phishing has helped law-enforcement officials break up fraud rings. In October, the U.S. Secret Service collared 27 computer and credit-card scam artists following an investigation; the probe significantly disrupted cybercriminals targeting the U.S. financial infrastructure, according to MasterCard.

One of the newer forms of ID theft is "pharming," also known as DNS (domain name system) poisoning, in which victims are directed to a spoofed Web site that's an exact replica of the real site, where thieves harvest large volumes of personal information.

Cyota Inc., an anti-fraud software provider for financial institutions, on Tuesday added an anti-pharming feature to its FraudAction anti-phishing product. Thirteen of Cyota's banking clients, including two large U.S. banks, have deployed the anti-pharming software over the past eight weeks. The system scans for potential pharming attacks and alerts Cyota's Anti-Fraud Command Center. Once an attack is identified, the center proactively shuts down the spoofed site, conducts forensics, and deploys technical countermeasures. To date, Cyota has shut down more than 7,000 spoofed sites in 65 countries and lowered the lifespan of an attack to five hours from six days.

"Pharming represents a much more insidious form of attack than phishing, because there's no action required on the part of the user," says Chris Voice, VP of technology at security software firm Entrust Inc. Efforts to track and shut down phishing sites, he says, combined with strong authentication software to prevent keylogging and spyware, represent the best hope for restoring online trust.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.