Latest News
First “Phishing attack” targeted at customers of a Greek bank.
The phishing phenomenon has been known for several years, and numerous banks have fallen victim to it. On 25 October 2005, however, the first phishing attack on a Greek bank appeared. A phishing email message was sent out to huge numbers of recipients in Greece, urging them to verify their Internet Banking details on the official site of the bank. The email message contained a link to a website with a form to be completed. Obviously this website did not belong to the bank, but to the attacker.
It was a well-prepared attack, with some remarkable characteristics:

- All the email messages that Inter Engineering noticed were sent to existing email addresses. This is in contrast with most spam, which is simply sent to huge numbers of random addresses. So the attacker had prepared his target base well.
- The attacker set up 3 websites hosted in different countries. In the messages sent starting in the night and early morning, the links pointed to 2 of the 3 websites. In the early midday of the 25th a new batch of messages was sent out pointing to the 3rd website. Thus the attacker was prepared for his websites being taken “off the air” and therefore kept the 3rd one for later.

Inter Engineering immediately contacted the bank to make sure that they were aware, and also informed the authorities. The Bank's early reaction ensured that the attacker’s websites were deactivated and replaced with a link to the bank’s official website, where a warning was published. Therefore the damage done is most probably very small, but nothing guarantees that there will be no more similar attacks. Inter Engineering foresees that this was most probably the first of a series of phishing attacks on Greek internet banking customers.

The only effective protection against phishing attacks is the education of users. A bank would never send out a mass mailer inviting people to fill in their internet banking details on a website. Therefore users should use their common sense and a healthy dose of scepticism before following instructions they see in email messages or on websites. With good Anti Spam and/or content security solutions it is also possible to filter out this kind of message.

By 26 October the phishing email messages had stopped circulating.