Trusteer has reported a recent attack targeting Verizon customers. Malware on the victim's computer injects a fake billing page after you've logged into your account. That page requests personal financial details which are then sent to the attacker and used for credit card fraud. According to Trusteer, the phished details include:
- First name, last name
- Street address, City, state, zip
- Phone number, phone type
- Email address
- Country of citizenship
- Social security number
- Date of Birth
- Mother's maiden name
- Card number, expiration date and CVV
It pays to be suspicious of any request for personal information, even if it's coming directly from your online banking site. If you ever encounter such a request while banking online, close your browser and contact your bank in person or via a known trusted phone number and ask if the request was legitimate. Do not call using a phone number provided on the request form - if it is a phishing attempt that phone number will likely direct you to a criminal call center and not the actual bank.
The SpyEye trojan uses rootkit technology to hide its presence on the infected computer. SpyEye also disables or interferes with antivirus and other security software to further prevent detection. The SpyEye trojan includes a keylogger to capture keystrokes typed on infected computers. SpyEye launches a man-in-the-browser attack, injecting the malware into Internet Explorer, Firefox, Chrome and Opera.
The man-in-the browser attack enables SpyEye to intercept and modify Web pages on the fly as well as inject new pages. It's like having a middleman sitting in your browser handling all your requests. So instead of going directly to a website address you type in, that middleman can modify the request and send you to a completely different site, or it can modify the Web page before it delivers it back to you - inserting malicious content in the process.