New universal man-in-the-middle phishing kit discovered

RSA uncovered a new phishing kit being sold and used online by fraudsters.

This new kit, a Universal Man-in-the-Middle Phishing Kit, is designed to facilitate new and sophisticated attacks against global organizations in which the victims communicate with a legitimate web site via a fraudulent URL set by the fraudster. This allows the fraudster to capture victims’ personal information in real-time.

RSA’s analysts researched and analyzed a demo of the kit that was being offered as a free trial on one of the online fraudster forums that the AFCC monitors regularly.

How it works

Using the Universal Man-in-the-Middle Phishing Kit, the fraudster creates a fraudulent URL via a simple and user-friendly online interface. This URL communicates with the legitimate website of the targeted organization in real- time – whether it is the online banking site of a financial institution, the order tunnel of an ecommerce company, or any other such business transacting with its users online. The victim receives a “standard” phishing email, and when clicking on the link s/he is directed to the fraudulent URL. The victim then interacts with genuine content from the legitimate website – which has been “imported” by the attack into the phishing URL – thus allowing the fraudster seamless, invisible and immediate access to the victim’s personal information.