Banking Sector Hacked by Phishing Sites
The Fortinet Global Security research team has reported two phishing attacks on major banks. The spam attacks were mounted using the Storm Worm botnet and are being touted as the first targeted attack on the financial segment to exploit the vast network of zombie machines created by Storm Worm.
The network of zombie computers now used for phishing was initially used for Denial-of-Service (DoS) attacks, and then for artificially inflating stock prices. The huge network has been put to use sending spam mails to Barclays Bank customers so that hackers can access users' personal details.
The spammers targeted Barclays Bank; the Fortinet Global Security team detected the attack and the Barclays phishing site was finally slammed. After that phishing site was detected, a fresh attack was mounted on the customers of Halifax Bank, Guillaume Lovet, Team Manager of the Fortinet Threat Response Team, told SCMagazineUS on January 8, 2008.
Fortinet said in its report that the phishing attack on the financial sector is a new development in the evolution of Storm Worm. The report further said that phishing poses a threat to the banking sector, as its aim is to strip the bank of its financial details completely.
Lovet remarked that the phishing e-mails sent in the initial Storm Worm attack linked to a spam site called i-Barclays.com, which is hosted by a Russian domain. Thousands of phishing mails were sent in the form of general e-mails to trap bank customers, said Lovet.
In a typical phishing attack, recipients open an e-mail that looks official and informs them that the bank is conducting a "periodic review" of its customers' accounts in order to reduce fraud and spamming on its websites. The e-mail guides recipients to click a link that purports to lead to the bank's website, so that the bank can cross-check their account information. But the link directs recipients to the phishing website, which then attempts to steal confidential information such as account log-in details and passwords.
» SPAMfighter News - 22-01-2008