Phishing Scam Caused ABSA’s Customers to Lose Thousands

ABSA Bank has posted an alert on its website that many of its customers and non-customers (people who don't have account with ABSA) have received an e-mail that contains a link to its fake website.

Security experts have explained that if anyone clicks on the provided link, he is asked to update his details. As soon as one enters his details on the fake ABSA site, some amount of money gets deducted from his account.

Therefore, ABSA has asked all its customers that they should avoid following the instructions given in the e-mail or confirm their login details. This is a new method devised by phishers to defraud bank's customers.

Along with this new fraud tactic, cyber criminals use the conventional vector of identity theft. They send an e-mail to customers with a warning of security theft and request them to open a link in order to update or confirm their login details, including user number, access account number, e-mail address, password and PIN numbers, on the fake website. This website doesn't have key icon and lock or the actual browser address of ABSA online banking.

After harvesting the sensitive information, fraudsters access the actual ABSA online banking website and start to perform transactions on real customers' portfolio which needs the RVN number (one time password) that is sent to the account holders.

In order to access RVN which was sent to valid customers on their mobile phones, fraudsters send an e-mail asking for the RVN and use it to register new beneficiaries, raise transaction limits and to commit theft.

One woman victim of the scam said that she had virtually lost everything. She explained that she had accessed the ABSA link and within 5 minutes every single penny from her account was gone, as reported by eyewitnessnews.com on September 9, 2009.

The victim also revealed that fraudster could only steal money when the account holder used online banking and entered PIN. As soon as one entered the details, the money got pilfered from his account.

Eventually, ABSA has confirmed that it would never dispatch a sms or an e-mail asking its customers to update their account on its website.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 9/17/2009