[WASC-WHID] WHID 2011-86: Cybercrime Extracts $399,000 from Florida Dentist’s Account

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 11:07:04 EDT 2011

*Entry Title: *WHID 2011-86: Cybercrime Extracts $399,000 from Florida
Dentist’s Account
*WHID ID: *2011-86
*Date Occurred: *April 25, 2011
*Attack Method: *Banking Trojan
*Application Weakness: *Insufficient Authentication
*Outcome: *Monetary Loss
*Attacked Entity Field: *Online Trading
*Attacked Entity Geography: *
*Incident Description: *“Before the cybercriminals launched their TDoS
attack, they found a way to obtain Dr. Thousand’s Ameritrade account
information and password. Victims in these cases are often targeted through
phishing attempts or by clicking an innocuous-looking email link that
downloads malware to their system. In this manner, criminals are able to
capture account details, passwords and other personal information. Once they
have access to an account, they can then change the contact numbers and
impersonate the victim when communicating with the bank or broker.”
*Mass Attack: *No
*Reference: *http://www.prweb.com/releases/2011/4/prweb8338409.htm
*Attack Source Geography: *USA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/a7cd2cf6/attachment-0003.html>

More information about the wasc-whid mailing list