Big German banks hit by phishing attacks
LATEST NEWS
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 1
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
Fraudsters discover the non-English speaking world
By John Blau | Düsseldorf | Wednesday, 25 August, 2004
Two of Germany's biggest banks became the latest victims of phishing attacks last week as internationally organised criminal groups roam the globe seeking new targets, according to a German Postbank spokesman.
Postbank suffered its second phishing attack recently less than four weeks after the bank's first-ever assault and it was linked to a separate strike on Deutsche Bank.
Phishing attacks use spoofed email and fraudulent websites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial theft or identity theft.
Until recently, most phishing attacks have been aimed at customers of banks in English-speaking countries, but "over the past few weeks, we've seen a shift to countries like Brazil and now Germany," says Mikko Hyppönen, director of antivirus research at F-Secure.
Last month, several Brazilian banks were the target of what Hyppönen callz a "combo attack".
Email messages were distributed with a Trojan worm that would monitor visited sites. When customers typed the URL or the bookmarked URL of their banks, web pages appeared that looked like the banks', allowing criminals to steal sensitive information such as passwords and credit card numbers.
"These pages were very difficult to detect even for alert online banking customers," Hyppönen says.
Although the German phishing attacks appear to be less sophisticated, the country's bank officials have expressed concern that they may now be on the radar screen of international phishing rings.
"The first attack about four weeks ago came from Russia," says a Postbank spokesman. "The second attack appears to have originated in Asia. Who knows where the next one will come from."
The most recent attack was made via an email written in German with several grammatical mistakes. It warned customers of a security risk, asking for their personal identification number and a transaction number to resolve the problem.
Postbank and police counter-attacked and the site was shut down in about 24 hours. Postbank used its website to alert its customers to the threat.
The earlier phishing attack on the Postbank came in the form of an email written in English. "This email really stuck out because we never send any correspondence to customers in English," says the Postbank spokesman.
Postbank, which was spun off of the former German public administration for post and telecommunications, is one of the country's largest consumer banks with 11 million customers of whom nearly 1.7 million have online banking accounts.
The Postbank phishing attack also extended to Deutsche Bank whose customers received an email with the pseudo Postbank address, directing them to a page similar to Deutsche Bank's.
"This attack wasn't very professional, to say the least," according to a Deutsche Bank. "We moved immediately to block the corrupt link." Deutsche Bank has posted an alert to customers on its website, telling them never to respond to an email requesting personal data, such as passwords or identification numbers.
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
