Not only are phishing attacks increasing exponentially, but they are also becoming more and more advanced and more targeted. The latest discovered by researchers is known as “Bouncer List Phishing”. Unlike most bouncer lists, this is one list you really don’t want to be on!
Bouncer Phishing attacks a pre-determined email list, and each user on the list is sent a unique URL providing them with access to the attack. Once the link is clicked on (never click on a suspicious link!), the victim is sent to a phishing page designed to steal private information, such as credentials.
The unique thing about this type of attack, is that only those on the list are able to access the link. In other words, this attack cannot be forwarded; if you are not on the pre-determined email list and attempt to access the link, an error page will appear. This shift indicates that some cybercriminals are less interested in quantity, and more interested in quality. By pre-selecting which individuals will fall victim to the attack, they are not only able to ensure a higher revenue for themselves by targeting the crème de la crème, but they are also keeping security experts out of the loop, and keeping people in the dark about their newly developed efforts. In turn, it takes much longer to bring these attacks down, and to catch the cybercriminals responsible for them.
What’s to be done?
Well, considering this is a new development and bouncer phishing is extremely hard to identify and slow to get rid of, the best bet for now is education. As always, BullGuard recommends keeping all the applications you use up to date – the Vulnerability Scanner in BullGuard Internet Security 2013 spots out-dated software on your PC and helps you find the necessary updates – as well as thinking twice before sharing your email address with anyone online, and changing your password regularly. Never click on links from strange-looking emails, and get in the habit of deleting emails from people or sources that you are not familiar with.
Do you feel armed with enough information to identify a phishing link/email right away? Tell us.