Sophisticated phishing scheme busted

The recent indictment of 38 individuals for running a phishing scheme that targets many banks and credit unions shines a light on the techniques that phishers now employ. It starts with spam that lures people to fake websites where personal data is input. According to Information Week, that data was harvested by suppliers who forwarded the it via chat to cashiers. The cashiers used credit card encoding devices to capture the data on the magnetic strips of various cards, with runners then using the cards at ATMs to make actual withdrawals. Millions were said to be stolen. This is the sort of thing that keeps banks up at night. There are many solutions out there, but the most aggressive are multi-prong. A good example is PayPal, among the most targeted of companies. Among other things, it intends to roll out better email authentication via the Sender Policy Framework (SPF) and DomainKeys, which would basically allow ISPs "to drop each email that isn't verified to be from PayPal," according to SC Magazine.  

For more:
- here's the Information Week article
- here's an SC Magazine article

Related Articles:
Can banks effectively use email?
Phishers get nabbed
Phishing attacks may hit your computer