Application security

Phishing attack use Google Maps, IP addresses to obtain victim location

Phishers are using Google Maps in a new social engineering attack for committing identity theft.

Customers with Bank of America accounts in the United States and account holders with other financial institutions in Australia and Germany have been targeted by the attacks, according to published reports.

Attackers have spread keylogger malware through a fake news report of Australian Prime Minister John Howard suffering a heart attack.

After duped users clicked on an included link, PCs were infected with keylogger trojans capable of allowing a hacker to track a victim’s IP address and find the his or her general location. That information can then be used for identity theft, according to researchers.

Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com today that fraudsters can use the information gathered through the IP address and Google Maps to create a profile of the person they’re looking to scam.

"Once you have control of the machine, you can query to see what the IP address is, and you can put the address into a search and it will give you a general location," he said. "Once you have that, it rounds out the profile of the person whose identity you are trying to establish."

Click here to email Online Editor Frank Washkuch.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds