Phishers are using Google Maps in a new social engineering attack for committing identity theft.
Customers with Bank of America accounts in the United States and account holders with other financial institutions in Australia and Germany have been targeted by the attacks, according to published reports.
Attackers have spread keylogger malware through a fake news report of Australian Prime Minister John Howard suffering a heart attack.
After duped users clicked on an included link, PCs were infected with keylogger Trojans capable of allowing a hacker to track a victim’s IP address and find the his or her general location. That information can then be used for identity theft, according to researchers.
Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com today that fraudsters can use the information gathered through the IP address and Google Maps to create a profile of the person they’re looking to scam.
"Once you have control of the machine, you can query to see what the IP address is, and you can put the address into a search and it will give you a general location," he said. "Once you have that, it rounds out the profile of the person whose identity you are trying to establish."