Attackers behind phish mails see new opportunities as banks add levels of security

Posted on behalf of Dan Bleaken, Malware Data Analyst
Financial organizations undergo frequent changes from the point of view of their customers, whether it’s a change to security processes, takeovers, re-branding, new products and so on.  Phish emails often contain generic messages like ‘Account Suspended’ or ‘Update your account details’, but when a change such as this takes place, the perpetrators of the attacks are quick to react and try to convince unfortunate victims to part with their login details.  Attackers know that if they refer to things in the message that customers are familiar with, perhaps from real communications with the imitated organisation, then the target is slightly more likely to fall into the trap, and part with their precious personal details.  For example, last year, with the credit crisis in full swing, and banks closing, re-branding, being taken over, MessageLabs Intelligence intercepted many phishing attacks that referred specifically to those events.
During the last few days MessageLabs Intelligence intercepted an interesting phishing attack, aimed to take advantage of one bank’s customers by referring to an extra level of security added by the bank.  The attack started at about 11:25 GMT on Friday 04/11/2009.  Recently (approx 25NOV2009), the target bank introduced a One Time Passcode (OTP), which is used when a customer adds a new standing order, or tries to transfer money to another account.  When (continue reading...)