Deutsche Bank hit again by phishing attack

'There was no damage done,' a bank spokesman said

Deutsche Bank AG was the target of a new phishing attack late yesterday and today after facing its first-ever reported assault last week (see story), according to a bank spokesman.

"We were hit by another phishing attack last night but were able to respond quickly," the spokesman for the German bank said today. "We blocked access to the pseudo Deutsche Bank Web site by 8:30 a.m. ... There was no damage done."

Phishing attacks use spoofed e-mail and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers and account usernames and passwords, which can then be used for financial theft or identity theft. Usually, the bogus e-mail looks as if it came from a bank or payment service, requesting confidential account information for verification. Often, the spoofed e-mails threaten to discontinue service if information isn't provided.

Security researchers at German Internet security portal Heise Security detected phishing e-mail messages last night, according to Jurgen Schmidt, a security expert at Heise Security.

"We received several phishing e-mail messages addressed from with the subject 'security update,' " he said. "Bank customers were told to click the link and provide their PIN [personal identification number] and a TAN [transaction number] to verify their account."

Schmidt said the text of the latest phishing attack was similar to that of the first one but contained more grammatical errors. He couldn't confirm whether both attacks were launched by the same person or group of people.

"It appears as if the phishing e-mail messages came from PCs infected with a Trojan horse program," Schmidt said.

Phishing attacks in Germany have grown -- in both quantity and quality -- over the past six months, according to Schmidt. "We are seeing not only more attacks, but also more of these fraud e-mail messages and Web pages now written in German."

Why Germany? "I believe the motive is not the country itself, but mainly the opportunity to perform a phishing attack," wrote Mirko Zorz, a security expert at the Croatian Internet security portal "Phishing attacks are something waiting in any country worldwide."

Copyright © 2004 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon