Florida banks hacked in new spoofing attack

Hackers redirected users after changing banks' Web sites

Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.

Earlier this month, attackers were able to hack servers run by the Internet service provider that hosted the three banks' Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement's Computer Crime Center.

Users were then asked to enter credit card numbers, PINs and other types of sensitive information, he said.

According to Breeden, the affected banks are Premier Bank, Wakulla Bank and Capital City Bank, all small, regional banks based in Florida.

This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.

Phishing attacks generally require users to click on a bogus Web link, but this attack worked on users who had typed in the correct URL for the banks in question.

Breeden said he had not seen this particular tactic used before. He called it a troubling development.

"The bad guys have created a way to take away the safety of typing the address of your bank," he said. "We have to address it now and say to people, 'Even if you do go to your online bank's Web site, you need to be very careful.' "

Though Breeden said the scam was operational for only "a matter of hours" and probably affected fewer than 20 banking customers, the technique appeared to be very effective at extracting sensitive information. "Probably some very smart people fell for this," he said.

The banks' Internet service provider, ElectroNet Intermedia Consulting, does not house consumer data, so any information obtained by the hackers would have to have been provided directly by victims, the Tallahassee, Fla.-based company said.

The Florida Department of Law Enforcement is investigating the crime with the help of ElectroNet and the affected institutions, ElectroNet said.

The hacking was contained within an hour of being detected, according to ElectroNet. However, it did not say when the attack began or how much time had passed before it was discovered.

Although scammers have traditionally targeted large financial institutions with phishing attacks, that is now changing, according to Rich Miller, an analyst at Internet research company Netcraft Ltd. "Lately we've seen phishing attacks move down the food chain and target much smaller, regional banks," he said.

Small banks such as those in the Florida scam can sometimes make easier targets, Miller said. "The big banks are able to put more resources into securing their sites," he said.

Like Breeden, Miller had not seen this type of attack attempted previously.

The three banks in question could not be reached to comment for this story, but Premier Bank is now asking customers to change their passwords after the bank was notified of a phishing scam, according to a note on the company's Web site.

Related Opinion:

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon