Banks Hit With New Spoofing Attacks

[Don Kennedy <zoverlords () yahoo com>]

From: http://news.yahoo.com/s/pcworld/20060330/tc_pcworld/125263
   
  Banks Hit With New Spoofing Attacks Robert McMillan, IDG News Service 
  Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling 
the first of its type.
 
Earlier this month, attackers were able to hack servers run by the Internet service provider that hosted the three 
banks' Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble 
the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement's 
Computer Crime Center.
   
  Users were then asked to enter credit card numbers, PINs, and other types of sensitive information, he said.
   
  According to Breeden, the affected banks are Premier Bank, Wakulla Bank, and Capital City Bank, all small regional 
banks based in Florida.
   
  This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case 
hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.
   
  Phishing attacks generally require users to click on a bogus Web link, but this attack worked on users who had typed 
in the correct URL for the banks in question.
  Troubling Development Breeden said he had not seen this particular tactic used before. He called it a troubling 
development.
   
  "The bad guys have created a way to take away the safety of typing the address of your bank," he said "We have to 
address it now and say to people, 'Even if you do go to your online bank's Web site, you need to be very careful.'"
   
  Though Breeden believes that the scam was only operational for "a matter of hours," and probably affected fewer than 
20 banking customers, the technique appeared to be very effective at extracting sensitive information. "Probably some 
very smart people fell for this," he said.
   
  The banks' ISP, ElectroNet Intermedia Consulting, does not house consumer data, so any information obtained by the 
hackers would have to have been provided directly by victims, the Tallahassee, Florida-based service provider said.
   
  The Florida Department of Law Enforcement is investigating the crime with the help of ElectroNet and the affected 
institutions, ElectroNet said.
   
  The hacking was contained within an hour of being detected, according to the ISP. However, ElectroNet did not say 
when the attack began or how much time had passed before it was discovered.
   
  New Trends Noticed
   
  Although scammers have traditionally targeted large financial institutions with phishing attacks, that is now 
changing, according to Rich Miller, an analyst with Internet research company Netcraft. "Lately we've seen phishing 
attacks move down the food chain and target much smaller, regional banks," he said.
   
  Smaller banks such as those in the Florida scam can sometimes make easier targets, Miller said. "The big banks are 
able to put more resources into securing their sites," he said.
   
  Like Breeden, Miller had not seen this type of attack attempted previously.
   
  The three banks in question could not be reached to comment for this story, but Premier Bank is now asking customers 
to change their passwords after the bank was notified of a phishing scam, according to a note on the company's Web site.


                
---------------------------------
Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.