What’s the deal?
in the past week or two, the anti phishing community has been buzzing with this. now it is public and i can finally shout my frustration:
so, we have phishing sites which are doing man-in-the-middle in real time, between the phished site and the phished user.
how is that news?
regular phishing works like so:
victim >> fake site >> real site
now, in most cases in the past, this process was not automatic, and in most cases – it won’t be. distribution across ip addresses, choosing what accounts are worth it to steal from, choosing money mules, etc. is far easier to do off-line.
that said, this isn’t new, it’s just… yet another kit. am i excited about a new kit? kinda. is this big news? no.
why you ask? as this real-time phishing using mitm attacks has been happening for years now using phishing or banking trojan horses. the best we can describe happened is that the technique was now incorporated into older email-based phishing, as well.
new? okay, maybe if we push it. exciting? so-so.