The most recent phishing scam has cyber-criminals hijacking Domain Name Systems (DNS) to steal significant private information like credit card numbers, according to online Identity’s Fourth Quarter eCrime Trends statement.
Tacoma-based IID says that using DNS hijacking, hackers doing well attacked ChronoPay.com, Russia’s biggest payment processor — and one of the largest payment processors in Europe — for a number of hours on Dec. 25 and 26. ChronoPay.com is the equal of PayPal here in the U.S. By redirect the ChronoPay domain to a bogus payment site, the attackers unruffled as a minimum 800 credit card numbers from consumers attempting to submit payments with ChronoPay.
“While we have been caution for years that DNS hijackings might effect in economic disaster, we had not seen such a well-planned and unbeaten attack of this environment until this event,” said IID President and CTO Rod Rasmussen. “With ChronoPay, our most horrible doubts came true. Unlike the new DNS hijackings of Twitter, Baidu and others, with ChronoPay we have verification that people’s very important information was stolen without them being alert of it.”
As the translator among the domain names and IP addresses, DNS is the paste that holds everything mutually on the Internet, from keeping time to conducting communication to transmitting messages to sharing corporate and customer data. By hijacking these DNS translations, scam attackers can drive unsuspecting surfers and corporate users to malicious sites, making great parts of the web largely insecure. They also can catch commercial e-mail, economic transactions, and other highly responsive information and individual information.