Universal Man-in-the-middle Phishing Toolkit found

By Paladion

January 14, 2007

A few months ago, Jose mentioned in Palisade that man-in-the-middle phishing attacks are on the increase. Last week, RSA Security announced that it had discovered a Universal Man-in-the-middle Phishing Toolkit being sold online. The toolkit makes it easy to deploy new phishing sites. More importantly, this is the first instance of a toolkit simplifying man-in-the-middle phishing attacks.

Man-in-the-middle phishing sites relay pages from the genuine website to the user, and requests from the user to the server, in real time. They can subvert two-factor authentication schemes by inserting themselves transparently in the request-response path. If you have invested in two-factor tokens to beat phishing, this is a good time to rethink your strategy.

Educating your users, detecting phishing attacks early and taking down the phishing sites quickly are the cornerstones of the anti-phishing strategy we recommend.
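One way to approach the early detection mentioned above, as an added example that is not from the original post or from RSA's announcement: because the relay forwards every victim's requests to the genuine server, that server sees many different accounts logging in from the relay's address. The log format, the 10-minute window and the 4-account threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of successful-login records from the genuine site:
# timestamp, source IP (documentation address ranges), account name.
SAMPLE_LOG = """\
2007-01-14T10:00:05 198.51.100.7 alice
2007-01-14T10:00:40 203.0.113.9 bob
2007-01-14T10:01:10 198.51.100.7 carol
2007-01-14T10:02:30 198.51.100.7 dave
2007-01-14T10:03:00 198.51.100.7 alice
2007-01-14T10:03:45 198.51.100.7 erin
2007-01-14T11:30:00 203.0.113.9 bob
2007-01-14T12:00:00 192.0.2.44 frank
2007-01-14T14:00:00 192.0.2.44 grace
"""

def parse(log_text):
    """Yield (timestamp, ip, account) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def suspected_relays(events, window=timedelta(minutes=10), min_accounts=4):
    """Return {ip: peak distinct accounts in any window} for IPs at or over the threshold."""
    recent = defaultdict(deque)  # ip -> (timestamp, account) pairs still inside the window
    flagged = {}
    for ts, ip, account in sorted(events):
        q = recent[ip]
        q.append((ts, account))
        while ts - q[0][0] > window:  # drop logins that have aged out of the window
            q.popleft()
        distinct = len({a for _, a in q})
        if distinct >= min_accounts:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, n in suspected_relays(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {n} distinct accounts within 10 minutes")
```

Shared NAT gateways and corporate proxies produce the same pattern, so a hit is a lead to investigate and tune against known egress addresses, not proof of a relay.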

