Ramblings & ephemera

Phishing by altering the bank’s server

From Computerworld‘s “Florida banks hacked in new spoofing attack“:

Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.

Earlier this month, attackers were able to hack servers run by the Internet service provider that hosted the three banks’ Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement’s Computer Crime Center.

Users were then asked to enter credit card numbers, PINs and other types of sensitive information, he said.

According to Breeden, the affected banks are Premier Bank, Wakulla Bank and Capital City Bank, all small, regional banks based in Florida.

This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.

… Though Breeden said the scam was operational for only “a matter of hours” and probably affected fewer than 20 banking customers, the technique appeared to be very effective at extracting sensitive information.

Comments are closed.