Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    Italian bank Banca Popolare di Sondrio has become phishers’ new target with the discovery of a spammed message containing a link to the supposed bank’s Internet banking site, SCRIGNO.

    Click for larger view

    As with previous bank-related phishing attempts, clicking the link leads users to a site that looks very much like the legitimate Internet service’s login page. The site asks users to enter their user codes and personal identification numbers (PINs). After giving out the requested information, they are redirected to another site that asks for a control code, which is indicated in every Scrigno client’s card.

    Click for larger view Click for larger view

    Once users have provided all the necessary information, they are redirected to the real SCRIGNO site. Unfortunately, by this time, the phishers have already acquired the data they need.

    Click for larger view

    Phishing attacks, regardless of vector—spamming or site spoofing—are already a staple in the current threat landscape. As in this most recent attack, cybercriminals often send out spammed messages purporting to come from various banks to users in an attempt to trick them into clicking embedded malicious links, as shown in the following previous posts:

    Cybercriminals also spoof legitimate banking sites for their profiteering schemes. In such an attack, they leverage users’ trust on the latest banking technologies, as in the following previous attacks:

    To avoid becoming victims of phishing scams, the best solution is still user vigilance. Users must continue to be wary of suspicious-looking email messages and must refrain from clicking dubious links. Being familiar with the full addresses of banking sites users access can also prevent them from unwittingly giving out critical information in phishing sites. Of course, using an effective security solution will also help.

    Trend Micro™ Smart Protection Network™ protects product users from this threat by preventing the spammed messages from even reaching users’ inboxes via the email reputation service. It also blocks access to the said phishing site via the Web reputation service.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice