Commonwealth Bank customers are being inundated with phishing attacks, some at a rate of several scam emails a day, sent by cyber criminals seeking to steal passwords and credit card details.
The scammers, who are specifically targeting the bank in a sustained assault, are bombarding customers with several clever variations of the email ruse - such as using bogus call centres - in an attempt to hook even tech-savvy web users.
The emails have largely managed to evade spam filters using methods such as images instead of text.
Commonwealth Bank spokesman Steve Batten said the bank was working closely with the Australian Federal Police's Australian High Tech Crime Centre to track down the scammers. However, the bank appears to be losing the war.
"As soon as we close them down they are opening up elsewhere," Batten said.
This is backed up by figures from the Australian Payments Clearing Association, which reported a 33 per cent increase in both the volume and value of fraudulent online payments in Australia for the year ended December 31, 2008.
The scam emails, which look authentic and include the Commonwealth Bank's logo, try to trick the victim into handing over sensitive information by telling them they need to unlock an account, activate a card, claim a fee refund, update internet banking details, view an important security message or complete a survey in exchange for payment.
When the victim clicks on the link in the email, they are either infected with a password-stealing virus or presented with an official-looking page that asks them to enter their details, which are then harvested by the fraudsters.
Batten said some of the emails purport to come from actual Commonwealth Bank staff members. He stressed that the bank would never ask customers to submit sensitive information over email.
But in a new variation on the traditional "phishing" attack, which usually asks victims to click on a malicious link, one Commonwealth Bank scam email asks customers to call a Queensland phone number in order to redeem a $500 "cashback bonus".
IT contractor Tom Howard, from the Central Coast, received the email and attempted to call the number just as an experiment.
"It's an automated system with an American accent that welcomes you to the Commonwealth Bank of Australia and then requests an account number or says something's expired and asks for your credit card number," he said.
The voice recording then requested Howard's expiry date and pin number, but he just entered in random digits.
"It actually told me the information was incorrect, which suggests that it's hooked up to a payment gateway and it's actually trying to do an authorisation on the credit card right then and there," he said.
Howard said he was alarmed at the sophistication of the scam and believed the bogus call centre idea would trick a lot of people.
"People have been conditioned in terms of these phishing emails to 'don't click on the links', but not so much to 'don't call the number'," he said.
Source: By Asher Moses, Sydney Morning Herald, 02.06.09
No comments:
Post a Comment