Scamsters attack ISACA

Recently phishers targeted ISACA, the organization behind the coveted CISA certification. A website with the name www.cisaca.org was created and tricked users into buying study material or register for CISA exam. The phishers may be after the credit card numbers of the users.

A quick check with Netcraft toolbar revealed the location as China. The domain name of the website is quite interesting; the use of words such as isaca, cisa, ca can be misleading to an unsuspecting user.

Another thing to note in this attack is the shift in focus from a banking or financial institute to other organizations which can be equally vulnerable. Organizations such as ISACA are attractive targets, as they will have users in multiple countries. Users accessing these websites may also be a little less alert than when they are accessing something more sensitive, say Internet Banking. These factors may increase the overall chances of a successful Phishing attack.

We may see more such attacks where non financial organizations are targeted in the future.