Big German banks hit by phishing attacks

It's the second such attack on Postbank in a month

Two of Germany's biggest banks became the latest victims of phishing attacks last week as internationally organized criminal groups search around the globe for new targets, according to a spokesman for Postbank AG.

Postbank suffered its second phishing attack last Thursday, less than four weeks after the bank's first-ever assault, and was linked to a separate strike on Deutsche Bank AG.

Phishing attacks use spoofed e-mail and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial or identity theft.

Until recently, most phishing attacks have been aimed at customers of banks in English-speaking countries, such as the U.S., the U.K. and Australia. But "over the past few weeks, we've seen a shift to countries like Brazil and now Germany," said Mikko Hypponen, director of antivirus research at F-Secure Corp. in Helsinki, Finland.

Last month, several Brazilian banks were the target of what Hypponen called a "combo attack." E-mail messages were distributed with a Trojan worm that would monitor visited sites. When customers typed the URL or used the bookmarked URL of their bank, Web pages appeared that looked like their banks', allowing criminals to steal sensitive information such as passwords and credit card numbers.

"These pages were very difficult to detect, even for alert online banking customers," Hypponen said.

Although the German phishing attacks appear to be less sophisticated, bank officials have expressed concern that they may now be on the radar screens of international phishing rings. "The first attack about four weeks ago came from Russia," said a Postbank spokesman. "The second attack appears to have originated in Asia. Who knows where the next one will come from."

The most recent attack came late Thursday via an e-mail written in German with several grammatical mistakes. It warned customers of a security risk, asking for their personal identification numbers and a transaction number to resolve the problem.

"We worked together with the police to shut down this site by Friday," the Postbank spokesman said. "We also alerted customers immediately on our Web site."

The earlier phishing attack on Postbank came in the form of an e-mail written in English. "This e-mail really stuck out because we never send any correspondence to customers in English," the spokesman said.

Postbank is one of the country's largest consumer banks, with 11 million customers, of whom nearly 1.7 million have online banking accounts.

The Postbank phishing attack also extended to Deutsche Bank, whose customers received an e-mail with the pseudo Postbank address, which directed them to a page similar to Deutsche Bank's.

"This attack wasn't very professional, to say the least," a Deutsche Bank spokesman said. "We moved immediately to block the corrupt link."

Deutsche Bank has posted an alert to customers on its Web site, telling them never to respond to an e-mail requesting personal data, such as passwords, PINs or transaction numbers.

Copyright © 2004 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon