Bank Customers Receive 300 Phishing E-mails Everyday

Bank customers in Ireland are being targeted with as many as 300 phishing attacks per day in which fraudsters try to lure people into divulging their security codes to commit theft from those people's online bank accounts. Ireland's AIB (Allied Irish Bank) has warned its customers that a sharp increase in phishing scams was noticed and therefore, they needed to be more vigilant.

According to Sean Jevens, Head of Electronic Lending, AIB, customers becoming victims of the phishing scams were being defrauded of amounts between €4,000 and € 5,000 each, as reported by Independent.ie on March 19, 2008.

In phishing attacks, fraudsters send e-mail to consumers purportedly from the their bank asking them to provide their codes that secure their accounts. Customers who respond are then taken to a copy of the bank's site for malicious operations. However, AIB has stressed that it never asks customers for their personal details such as login particulars over e-mail. AIB said that it has dealt with ten phishing incidents over the recent weeks in March 2008.

The phishers were also being smart in hiding their tracks. An increase in botnet-run phishing attacks was noticed as with encoded phishing toolkits, which have encrypted 'Hypertext Preprocessor' (PHP) source code. There was also a rise in criminals' use of URL multiplication in which multiple addresses of the same type were applied to lead to the one single attack while bypassing filters.

Intelligence companies dealing with the Internet frauds have found and chased repeated attacks particularly, on customers of Bank of Ireland since 2005. These assaults have fully utilized the experimented and tested approaches ranging from "Your account has been suspended" to "Security Upgrade Notification" transactions to a sinister invitation to "Secure your account against fraudsters."

According to AIB, phishing attacks against banks and their clients have steadily increased all over the world during the recent years. In most cases, although the banks have refunded their affected customers, the act is not mandatory.

Further RSA, the security vendor, via its February 2008 threats report, noted that branded banks from Ireland topped the charts of countries encountering their first attacks.

Related article: Bank Issues Spam Alerts

» SPAMfighter News - 3/26/2008