We have noticed a lot of SMS-based web-phishing attacks in China targeting the Bank of China’s online users. Victims receive a phishing SMS designed to look like a reminder sent by the bank to its customers: “Dear user, your token has expired, please visit http://www.boc**.com to reactivate your token.” The URL is similar to that of the bank’s official website but points to a phishing site that looks almost identical to the original bank website.

On this bogus phishing website, there is a button on the top right that says “Upgrade your token.”

Once the user clicks this button, they are redirected to a page that looks like the normal online-banking login page. Through this page the criminals get all the info they need to steal money from the victim’s account: user ID, password, and token.

This information is used immediately to transfer the victim’s money into the attacker’s account before the token expires.


A lot of technologies (including tokens, certificates, and dongles) are designed specifically to protect against phishing. But even though Bank of China uses tokens to enhance security, customers still need to take care to prevent this type of phishing attack.
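The lookalike URL in the SMS is the one point where this attack can be caught before any credentials are entered. The following is an added example, not part of the original post: a small check that pulls URLs out of an SMS body and flags hosts that imitate a bank's domain. The domain `mybank.example`, the sample messages and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: placeholder for the bank's real domain(s).
OFFICIAL_DOMAINS = {"mybank.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    # Naive registrable domain: last two labels (no public-suffix list).
    if ".".join(labels[-2:]) in OFFICIAL_DOMAINS:
        return "official"
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0]
        # Check every label except the TLD, so the brand is also caught
        # when it is padded with extra text or moved into a subdomain.
        for label in labels[:-1]:
            if brand in label or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "unrelated"


def scan_sms(text: str) -> list:
    """Return (host, verdict) for every URL found in an SMS body."""
    results = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        results.append((host, classify_host(host)))
    return results


# Constructed sample, modeled on the message quoted above.
SAMPLE_SMS = ("Dear user, your token has expired, please visit "
              "http://www.mybank-token.example to reactivate your token.")
print(scan_sms(SAMPLE_SMS))
```

The edit-distance threshold of 2 suits a brand label of six or more characters; for a very short brand it would match unrelated labels and needs to be lowered.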
Posted on 17 February 2011. Tags: Attacks, Bank, China, Massive, Phishing, strike, users
The above information is reprinted from and copyrighted © by McAfee.