Big German banks hit by phishing attacks
It's the second such attack on Postbank in a month
IDG News Service - Two of Germany's biggest banks became the latest victims of phishing attacks last week as internationally organized criminal groups search around the globe for new targets, according to a spokesman for Postbank AG.
Postbank suffered its second phishing attack last Thursday, less than four weeks after the bank's first-ever assault, and was linked to a separate strike on Deutsche Bank AG.
Phishing attacks use spoofed e-mail and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial or identity theft.
Until recently, most phishing attacks have been aimed at customers of banks in English-speaking countries, such as the U.S., the U.K. and Australia. But "over the past few weeks, we've seen a shift to countries like Brazil and now Germany," said Mikko Hypponen, director of antivirus research at F-Secure Corp. in Helsinki, Finland.
Last month, several Brazilian banks were the target of what Hypponen called a "combo attack." E-mail messages were distributed with a Trojan worm that would monitor visited sites. When customers typed the URL or used the bookmarked URL of their bank, Web pages appeared that looked like their banks', allowing criminals to steal sensitive information such as passwords and credit card numbers.
"These pages were very difficult to detect, even for alert online banking customers," Hypponen said.
Although the German phishing attacks appear to be less sophisticated, bank officials have expressed concern that they may now be on the radar screens of international phishing rings. "The first attack about four weeks ago came from Russia," said a Postbank spokesman. "The second attack appears to have originated in Asia. Who knows where the next one will come from."
The most recent attack came late Thursday via an e-mail written in German with several grammatical mistakes. It warned customers of a security risk, asking for their personal identification numbers and a transaction number to resolve the problem.
"We worked together with the police to shut down this site by Friday," the Postbank spokesman said. "We also alerted customers immediately on our Web site."
The earlier phishing attack on Postbank came in the form of an e-mail written in English. "This e-mail really stuck out because we never send any correspondence to customers in English," the spokesman said.
Postbank is one of the country's largest consumer banks, with 11 million customers, of whom nearly 1.7 million have online banking accounts.
The Postbank phishing attack also extended to Deutsche Bank, whose customers received an e-mail with the pseudo Postbank address, which directed them toa page similar to Deutsche Bank's.
"This attack wasn't very professional, to say the least," a Deutsche Bank spokesman said. "We moved immediately to block the corrupt link."
Deutsche Bank has posted an alert to customers on its Web site, telling them never to respond to an e-mail requesting personal data, such as passwords, PINs or transaction numbers.
- The State of Video Conferencing Security Video conferencing equipment, found in almost every boardroom around the world, may be opening up companies to serious security breaches. This paper explains...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- What are the desktop virtualization market trends and how can you successfully deploy your solution? You've probably heard about desktop virtualization -- and some of its benefits -- things like tighter security, streamlined management and lower costs. But...
- The Value of Symantec NetBackup Appliances In this video, Symantec's Shelley Schmokel, Principal Product Manager for NetBackup Appliances, talks about the NetBackup Integrated Appliances and how they deliver enterprise-class... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!