Subscribe to RSS feeds


May30
by Abigail Villarin (Fraud Analyst)

Banks all over the world are fast taking on the challenge (and opportunity) of bringing part of their operations online. Sadly, being spoofed in a phishing attack is one of the risks financial services companies have to continually address via user education. Early this week we were able to catch a phishing attempt targeted at account holders of the National Bank of Kuwait (NBK).

The phishing URL pretends to be a legitimate National Bank of Kuwait official login page:

After entering the required information the next phishing page will ask for your ATM Pin and Civil ID. This may attempt to confuse the users into believing that the phishing Web site is directly related to the legitimate site:

Here is a screenshot of the legitimate National Bank of Kuwait login page (a brilliant copy, yes?):

Note that doing a WHOIS on the actual phishing URL reveals that the attempt seems to have originated from Chile. The attack is directed at users in the Middle East. Phishers typically commit border-crossing crimes to at least hold off immediate entrapment by the law. Trend Micro users need not worry as our URL filters already recognize and block this threat.



This entry was posted on Friday, May 30th, 2008 at 3:14 am and is filed under Phishing . Responses are closed, but you can trackback from your own site.



Comments are closed.


Total Recall: The Month of Mass Compromises
Flash Bugs Exploited in Latest Mass Compromise


 
TrendWatch Hijack This Security Tips for Consumers
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
Glossary of Threat Terms

 
© Copyright 2008 Trend Micro Inc. All rights reserved. Legal Notice