‘First $1m phishing fraud’ hits inboxes
- Added:
- Jul 24, 2008
A new attack on online banking customers looks set to become the world’s first million-dollar phishing fraud, according to Internet intelligence specialists Envisional.
The criminals behind this assault have come up with a new way to con bank customers into revealing passwords and log-in details – through colourful emails offering the chance to win $100,000 or an all-inclusive Las Vegas holiday package and claiming to be from Visa, Mastercard and American Express.
Most “phishing” attacks come in the form of spam emails addressed to customers of a particular bank and catch a few dozen people. The new approach threatens to trap many more customers, because it uses a single email to target online account holders with any one of 12 major banks, and persuades the victim to help the process along by selecting the right bank from a drop-down list.
This latest scam, detected by analysts at Internet intelligence and risk management company Envisional, begins with an email that looks like an online travel website, with photos and write-ups depicting grand Las Vegas hotels.
It offers a $100,000 personal credit card or the chance to win ten days in a top hotel, plus up to $30,000 spending money, to those who join a new “Casino Rewards” programme, supposedly run by Visa, MasterCard and Amex and sponsored by 12 large US and international banks.
People who click through to the website that offers further information are invited to pick their bank from a drop-down list, effectively identifying themselves as phishing victims. A further click takes them to a faked web page that mimics the log-in page of the bank in question. Username in one slot, password in the other, and the account is ripe for emptying.
“Despite all the previous warnings to consumers, a phishing attack on a single bank’s customers often leads to losses of up to $100,000,” says Envisional’s David Franklin. “But this attack is unusual, fairly subtle and targeted at 12 banks at once.
”Many more people will be taken in by this two-stage approach, in which the victim is initially reassured by the familiar credit card logos and then goes on to choose for himself from the list of banks.
“With more banks in the frame and more account holders being tricked, we can expect to see many hundreds of victims, mostly in the US, but also among UK and European customers of banks like Capital One, Citibank, MBNA and Wells Fargo. Total losses could easily be over $1 million.”
Source: www.envisional.com
