Phishers set up shop in legit Canadian sites

 Are you sure you’re the only business using your Web site?

A recent report by security company Websense Inc. indicates that a number of legitimate business sites in the country may be unwittingly hosting phishing operations that run spoofed Web sites used for personal data harvesting.

In one instance, Websense researchers found a spoofed TD Bank site that collected user name and password information from bank customers duped into believing their accounts had been disabled. “When we investigated the spoofed site, we found that it was actually being run from a legitimate environmental Web site in Quebec,” said Fiaz Walji, senior director for Websense Canada.

Operators of the legitimate Web site were not aware that cyber criminals had hacked into their site and created additional pages to host the spoofed TD Bank site, said Walji. “This is something that could easily pass inspection because not all businesses monitor every page of their site regularly,” he said. “The spoofed pages are also not visible to the legitimate site’s clients; only victims responding to phishing emails and clicking on the link to it can see the pages.”

A screenshot of the spoofed TD site.

The legitimate site hosted spoofed pages.
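Because the spoofed pages were extra files that nobody at the legitimate site was looking at, one way to catch them is to compare the live web root against an inventory taken at deploy time. The sketch below is an added example, not code from Websense or the original article; the file names and directory layout in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(web_root):
    """Map every file under web_root (relative path) to its SHA-256 digest."""
    root = Path(web_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))  # rglob("*") also walks dot-directories
        if p.is_file()
    }


def audit(web_root, baseline):
    """Compare the live web root with a known-good baseline snapshot."""
    current = snapshot(web_root)
    common = current.keys() & baseline.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if current[p] != baseline[p]),
    }


def demo():
    """Constructed site: two deployed pages, then one extra page and one edit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Home</h1>")
        (root / "contact.html").write_text("<h1>Contact</h1>")
        baseline = snapshot(root)  # taken right after a trusted deploy

        # Constructed changes the site owner did not make:
        extra = root / "media" / "update"
        extra.mkdir(parents=True)
        (extra / "login.html").write_text("<form>placeholder</form>")
        (root / "contact.html").write_text("<h1>Contact us</h1>")

        return audit(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Keep the baseline somewhere other than the web server and regenerate it on each trusted deploy, so that a compromise of the site cannot also rewrite the inventory.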

Websense’s warning came yesterday as it announced the latest data from its Q1 2012 Canadian cyber security risk profile at the SC Congress Canada 2012 security conference in Toronto.

Canada’s dubious standing

The Websense report is nothing to celebrate. The security firm reported that Canada retained its previous 2011 Q1 standing as the number two country hosting the most phishing sites.

Top 10 Countries that Host Phishing Sites
1. United States
2. Canada
3. Egypt
4. Germany
5. France
6. Romania
7. Netherlands
8. United Kingdom
9. Russia
10. Israel

The number of phishing sites in Canada actually jumped by 170 per cent from last year, according to the report.
“This is a significant increase and the country ranks ahead of some of the best known offenders like Egypt and Russia,” the report said.

The global phishing map.

For cybercrime as a whole, Canada also maintained its number 6 ranking from last year.

Worldwide Cybercrime Rankings
Q2 2012
1. United States
2. France
3. Russia
4. Germany
5. China
6. Canada
7. Netherlands
8. South Korea
9. Romania
10. United Kingdom

In the past year, Canada saw a 39 per cent increase in bot network activity as well as a 239 per cent jump in malicious Canadian Web sites.

 

Why is this happening?

How can squeaky-clean Canada now be phishing central? For starters, that squeaky-clean reputation is a definite come-on for all sorts of cyber criminals, according to the Websense report.

Then, there is the global trend of growing cyber criminality. Websense reported: “While Canada remained number six in our cybercrime rankings, it is only due to a gigantic surge in compromised, malicious websites in the Republic of Moldova that kept it there. Most likely, one ISP was compromised. Were it not for this quarterly anomaly, Canada would have moved up to number five in our rankings.”

However, Walji also reported that Canada’s less aggressive stance against cyber crime could be a key factor. For instance, he said, there has been a recent string of high-profile malicious site takedowns in the United States. He said these developments could give criminals ample incentive to move their operations north of the border.

“We are not seeing any big takedowns in Canada. Malicious sites seem to stay up longer than in other countries,” he said.

For example, one recently uncovered online scam involved a bogus email from Canada Post. In this scam, victims receive a message which claims Canada Post attempted to deliver a package but the victim was not around to receive it. The message comes with a link to a delivery receipt and a link to a delivery status report. The link is actually designed to load malware onto the victim’s machine.

Bogus Canada Post message

A check using the free file and URL analysis tool VirusTotal showed that this type of malware is very difficult to detect. VirusTotal reported that the Canada Post scam was likely to be detected only once in 40 times by anti-virus and anti-malware tools.

How you can protect your business

Businesses can minimize the likelihood of their Web sites being used by cyber criminals by following these tips:

1. Protect outbound and inbound channels
It’s not enough to defend against real-time threats coming from outside your so-called perimeter. An effective solution must prevent modern malware, and provide visibility and control of corporate information both coming in and going out of an organization.
Use tools that can inspect and control content over the web and email, your two primary communication channels. Data loss via the web is four times more likely than email.

2. Patch Management
Most of today’s attacks are perpetrated by exploiting known vulnerabilities in plug-ins and applications, such as Adobe Acrobat. Timely patch management is a critical necessity for protecting against today’s threats.

3. Identify and protect vital data
Understand what is important for your business, and what damage it would cause if it went missing. Implement an effective DLP solution, so even if the bad guys get in, that doesn’t mean they can walk out with your data.

4. Make sure your enterprise is content secure, and aware
Content security is crucial for defending against modern threats, which often bypass traditional perimeter and endpoint security. Businesses need a security solution that is able to identify, classify and understand content on the fly, wherever it travels.

Nestor Arellano is a Senior Writer at ITBusiness.ca. E-mail him at narellano@itbusiness.ca.