1 min read

New Phishing Scheme Targets Abbey E-Mortgage Clients

Răzvan LIVINTZ

May 11, 2009

Promo Protect all your devices, without slowing them down.
Free 30-day trial
New Phishing Scheme Targets Abbey E-Mortgage Clients

One of the most counterfeit bank identities in the world,
Abbey, which ranked the eighth in our latest E-Threats
Landscape Report
, got again the phishers’ attention.

The unsolicited message sent on behalf of Abbey Anti-Fraud
Team warns the bank customers about the alteration of their accounts. Hence, it
asks them to update the compromised information by accessing the page provided
in a hyperlink.

Phishing Abbey

The link does not lead to the on-line bank portal, but to a
Web page that employs several visual identification components of the original
Web site, namely the bank logo and the general formatting elements.

Phish Abbey

Few details: even though all menu options are available,
clicking any of them will return a “404 Page Not Found” message. Moreover, one
can easily see that the Web page address mimicking the genuine Web site loads from
a different domain (.net instead of .co.uk).

Also, there are no specific security elements, one could
expect to find on an e-banking site, namely SSL encryption (Secure Socket
Layer) and security authentication methods (no “https” prefix and locked padlock).

The analysis of source code revealed that the sensitive data
are stolen using a single PHP script (loginphish.php), that records and sends
to a remote database the card number or personal ID, passcode and registration
number.

tags


Author


Răzvan LIVINTZ

I rediscovered "all that technical jazz" with the E-Threat Analysis Team at Bitdefender, the creator of one of the industry's most effective lines of internationally certified security software.

View all posts

You might also like

Bookmarks


loader