Cyber criminals are now using domain name system hijackings to steal critical personal information, such as credit card numbers, according to a new report by an Internet service provider.
Internet Identity’s eCrime Trends Report revealed evidence that cyber crooks hijacked ChronoPay.com, Russia's largest payment processor Dec. 25 and 26 via DNS hijacking. By redirecting the ChronoPay domain to a bogus payment site, the attackers were able to collect at least 800 credit card numbers from customers attempting to submit payments with ChronoPay.
“While we've been warning for years that DNS hijackings could result in financial disaster, we hadn't seen such a well-planned and successful attack of this nature until this incident,“ said IID President and CTO Rod Rasmussen. “With ChronoPay, our worst fears came true. Unlike the recent DNS hijackings of Twitter, Baidu and others, with ChronoPay we have confirmation that people's vital information was stolen without them being aware of it.“
The report also found that phishing attacks impersonating gaming companies increased 489 percent from the end of 2009 to the end of 2010. Overall, phishing attacks went up 14 percent in the same period. Phishing attacks spoofing e-commerce companies increased over the holiday season, by 13 percent.