RSA Security has discovered a phishing toolkit for sale online designed to post legitimate and actual content on a fraudulent URL in real time.

The “Universal Man-in-the-Middle Phishing Kit” works by sending the intended victim a regular dodgy phishing e-mail. After clicking on the link enclosed, the victim is presented with actual content from the website.

According to RSA Security’s Anti-Fraud Command Center, the toolkit can be easily configured for multiple targets, configured to import pages from any target organization and intercept any credentials even after a victim has logged into an online account.

The toolkit was being offered for free trial on an online “fraudster forum” on Jan. 10. Marc Gaffan, RSA consumer solutions marketing director, said such styles of phishing attacks are a new wave in scamming and will become more prevalent over the next year.

“While these types of attacks are still considered next generation, we expect them to become more widespread over the course of the next 12 to 18 months,” Gaffan said.
Joel Camissar, Websense Australian country manager, said the difficulty with this type of phishing attack is that it is designed to be posted behind a legitimate and actual URL.

Camissar said a vigilant user would still be able to tell the website he is visiting is not legitimate, but this type of phishing technique is not new.

“We first saw ‘Rock Phishing’ kits sold for around $20 or $30 online,” Camissar said.

“The difficulty with this type of attack is that it is designed to put a fraudulent site behind a legitimate URL, and the customer or user, if not vigilant, could [not] see it is not the original or intended site because hackers these days can just change or add one character to the URL, which even a diligent user may not recognize.

“A trend we are seeing is a slight decline in the more ‘traditional’ methods of hacking to spoofing telephone numbers and routing calls to pre-recorded information asking people to divulge account numbers and passwords. … We saw this becoming common in the middle of last year with a lot of small U.S.-based credit unions targeted.”

Paul Ducklin, Sophos Asia Pacific head of technology, said he first heard about real-world, URL-based man-in-the-middle attacks during the Virus Bulletin 2006 conference held in Montreal. Ducklin said it is unknown whether the phishing toolkit discovered by RSA that fetches and relays current Web content to mimic the site does more sophisticated stuff like subverting token-based log-ons through acquiring and reusing one-time token data in real time.

-Michael Crawford, Computerworld Australia
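Camissar’s point that a phishing site can sit behind a URL that differs from the real one by a single changed or added character is something a mail gateway or URL filter can check for mechanically. The following Python script is an added defender-side illustration, not code from the article or from RSA, Websense or Sophos: it compares the hostname of a URL against an allowlist of an organisation’s legitimate domains (the domains below are constructed placeholders) and flags hostnames that are one insertion, deletion, substitution or adjacent transposition away from a legitimate domain, or that embed the legitimate name inside some other domain. It goes slightly beyond the article by also catching transpositions, which a one-character-edit check alone would miss.

```python
# Added example: lookalike-hostname check for a phishing URL filter.
# Not the article's code; LEGIT_DOMAINS is a constructed placeholder allowlist.
from urllib.parse import urlsplit

LEGIT_DOMAINS = {"examplebank.com", "example-creditunion.org"}  # constructed


def hostname_of(url):
    """Return the lower-cased hostname of a URL (scheme added if missing)."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def near_miss(a, b):
    """True if a differs from b by exactly one substitution, one adjacent
    transposition, or one insertion/deletion. Exact matches return False
    because they are handled by the allowlist check."""
    if a == b:
        return False
    if len(a) == len(b):
        diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        if len(diff) == 1:
            return True  # single substituted character, e.g. "1" for "l"
        if (len(diff) == 2 and diff[1] == diff[0] + 1
                and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]]):
            return True  # two adjacent characters swapped
        return False
    if abs(len(a) - len(b)) != 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:]  # b is a with one character inserted


def classify_url(url):
    """Classify a URL as 'legitimate', 'lookalike' or 'unknown'."""
    host = hostname_of(url)
    if host in LEGIT_DOMAINS:
        return "legitimate"
    # Genuine subdomains (www.examplebank.com) end with ".<legit domain>";
    # "examplebank.com.evil.test" does not, and falls through to the checks.
    if any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    # Compare both the full host and the host with its first label removed,
    # so "www.examp1ebank.com" is still compared against "examplebank.com".
    candidates = {host}
    if "." in host:
        candidates.add(host.split(".", 1)[1])
    for cand in candidates:
        for legit in LEGIT_DOMAINS:
            if near_miss(cand, legit):
                return "lookalike"
            # Legitimate brand label embedded in an unrelated domain.
            brand = legit.split(".")[0]
            if brand in cand and cand != legit:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ["https://www.examplebank.com/login",
              "http://examp1ebank.com/login",
              "http://examplebank.com.evil.test/",
              "http://unrelated.test/"]:
        print(u, "->", classify_url(u))
```

In practice the allowlist would be the organisation’s registered domains and the classification would feed a mail-gateway rule or a browser warning; a “lookalike” verdict is a trigger for human review, not proof of fraud, and the check says nothing about the relayed page content, which in the kit described above is genuine.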