New email phishing scam scripts the way to fake banking sites

Posted on 3 Nov 2004 at 12:51

A new phishing scam has been discovered that redirects victims to a fake banking site each time they visit their bank online.

UK security company MessageLabs says it has picked up on numbers of emails being spammed out which, if viewed, run a script that redirects visits to the websites of certain banks to dummy pages, where log in details can be harvested by the attackers.

Currently the emails are low in number - around 100 - and target Brazilian banks. However, the scam is a step forward in sophistication for phishes, as it doesn't require potential victims to follow a link in an email - every attempt to log on to the target bank site will be redirected to a fake one.

Alex Shipp, Senior Anti-Virus Technologist at MessageLabs, said: 'This latest technique demonstrates how phishing attacks could become increasingly difficult for end users and online organisations alike to protect against. By reducing the need for user intervention, the perpetrators are making it easier to dupe users into handing over the contents of their bank accounts. Most banks have advised their customers to be wary of any email asking for personal banking details, but in this case all they have to do is open an apparently innocent email and their bank details could be silently sabotaged.'

The current form of the email carries a subject line along the lines of 'Hi, please read this important information'.

The script will only run on Windows systems with Windows Scripting Host turned on. It is not disabled by default, so most users would be at risk to this kind of attack. To check the status of your machine and disable the service there are walkthroughs provided by Symantec and Sophos.

Author: Matt Whipp