Hackers Used Kiwibank To Dupe Unwary Customers

An email purportedly originating from the Kiwibank in New Zealand - recommending customers for keying in their updated personal information - is actually a malevolent phishing campaign, cautions Sophos.

Using the logo of Kiwibank, this email cons the customers in to clicking on the hyperlink provided in the mail, so that the users can key in their updated personal information and therefore make sure they remain eligible for the policy of banks while guaranteeing their funds.

The email goes like this: "...We're so sure of our Internet banking security-system that we assure your money...kindly continue with your Kiwibank personal online banking now to get more updates about your account maintenance."

Sophos's Technology Head Paul Ducklin said that phishing email didn't read like the one that customers would anticipate from a bank. ZD Net Asia published Ducklin's statement on May 29, 2007.

Ducklin further reminds users that the best way to keep themselves safe against phishing scams is to simply 'AVOID" them. While there could be low risk of being hooked, there's a lesson that everyone should learn from this campaign. Also, warnings have been sent out by Kiwibank on its valid website. The warnings urge customers, who might have clicked on the forged link, to change their passwords without delay and also get in touch with the bank as soon as possible.

Consumers & small businesses need to protect their servers, PCs, and gateways with a consolidated solution to thwart the threats of viruses, spyware, phishing, hackers and spam, as well as controlling which applications are authorized to run on the network. They should also think before executing any unknown application on their computers, recommends Ducklin.

"Sophos estimates that there are 70% malevolent web pages at present, being abused by malware spreaders and phishers, that aren't directly linked to cyber crooks. However these web pages are genuine websites that have been invaded & borrowed for carrying out cyber crime," said Ducklin.

Genuine websites also suffer due to these scams. And the website that was used in Kiwibank phishing scam seemed to belong to some sole-trader in the US. "This website is extensively blacklisted, and is offline now," as per Ducklin.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 07-06-2007

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial