Phishing Fraud in 2007

Netcraft: Phishing Attacks Continue to Grow in Sophistication

“The Year in PhishingPhishing attacks are continually evolving, as
fraudsters develop new strategies and quickly refine them in an effort to
stay a step ahead of banking customers and the security community. Here
are some of the phishing trends and innovations we noted in 2006”

  • Plug and Play Phishing Networks
  • Phlashing (Flash-based phishing sites)
  • Two-factor Authentication: A July attack on Citibank demonstrated a technique that was able to defeat two-factor authentication tactics using a man-in-the-middle attack.
  • Hacked Bank Sites
  • Continued XSS (cross-site-scripting) Vulnerabilities
  • MySpace Phishing

Read the article for more details. Is safe to do online banking? I know people
who say “no”. If someone hacks into your bank account and commits fraud, who
bears the burden of proof? You or the bank? Probably you. Who limits your
liability? Not the bank. Credit card companies limit customer liability to a
reasonable minimum, but with online banking, there is no such protection. If
you physically visit a bank office and
fraud happens, at least there are
records of who did what (video camera recordings, records of which bank teller
was helping with the transaction, etc.) With online banking, most of those
audit records don’t exist.