Phishers target Bank of Bahrain and Kuwait

There's nothing new about phishing scams for banks. Most recently Bank of Bahrain and Kuwait's (BBK) branch in Kuwait was targeted for phishing. The scam involves an email to users, which purports to be from BBK. The email looks genuine enough with the original BBK logo, email address and a messaging bearing the signature of BBK's official advisor for Internet safety. When a customer falls victim to this scam, fraudsters are able to access his BBK account.

The content of the email is as follows. Reconfirmation of the customer's records is requested to pre-empt possible problems relating to online access. An all-new appearance of the website is mentioned with the launch scheduled for the beginning of September this year.

The email also includes a link which directs the customer to a fraudulent website where one's personal and confidential details are sought, with which phishers can access the account. The look of the website bears a striking resemblance to the original BBK website.

Corporate communications manager, BBK, Noora al-Nusuf confirms that such scams are rampant, attempting attacks on financial institutions at every opportunity. There has been no official email from BBK making any such request. The link that is enclosed in the email is anything but authentic.

To the average user there appears to be no difference between the original and fraudulent website to the naked eye, save for the website address that can be a giveaway.

Internet banking must always be accessed by manually entering the URL of the bank on the web browser. Users also need to remember to make sure that a closed padlock or an intact key at the base of the browser window is displayed before proceeding on the website of the bank. As soon as the computer connects to the Internet securely, the bank's URL changes with an s being added after http. This was the statement released by Bank Safe Online, a website by an association of UK banks to spread awareness of Internet security.

BBK has also initiated an awareness drive to check scams from claiming victims and sought the assistance of its local Internet Service Provider to block the fake websites. Unfortunately it can be extremely difficult to trace the source due to the very circumstances in which the activity is carried out.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 9/6/2006