Security experts are reporting incidences of new 'personalised' phishing attacks, in which organised gangs of fraudsters use stolen consumer data to target individual account holders at specific banks.
New York anti-fraud firm Cyota says its researchers have detected customised phishing attacks against several customers.
Contrary to a typical phishing attack where fraudsters send out hundreds of thousands of spam e-mails and hope for the best results possible, personalised attacks target account holders at specific banks.
Cyota says fraudsters use real stolen data about the account holder – such as the person's name, e-mail address, account numbers and other bank information – to make the spam e-mail look more legitimate.
The motive behind the fraud is to enhance existing lists of stolen credentials with more sensitive information such as PIN numbers. Cyota says these complete sets of credentials have a higher resale value among the online fraud communities than just names and account numbers.
Amir Orad, EVP of marketing at Cyota, comments: "Personalised phishing dramatically increases the chances of account holders responding to the attack and, if successful, provides fraudsters with even more valuable information that allows them to conduct extensive fraud."
Orad says this highly coordinated, two-phase fraud attack demonstrates the need for innovation among banks and security providers to match the continuing evolution of online threats.