Four Portuguese banks are serving as a pretext for yet another attack phishing. Detected just yesterday, this new attack targets Millenniumbcp, Caixa Geral de Depósitos, Banco Popular and Banif customers.
António Filipe, director of CGD’s electronic channels, explained to TeK that it is difficult to count the number of bank customers in question targeted by the attacks, given their characteristics of mass execution.
Typically attacks phishing they are carried out through the massive sending of e-mail messages imitating a bank, or other entity, to request the user to enter a set of confidential data to access bank accounts, which will subsequently allow the execution of fraudulent actions.
In this new attempt, the manager does not find elements that indicate a high level of sophistication, but recognizes a methodological change that explains the economies of scale allowed. This is because the attempted attack is aimed simultaneously at the users of the four banks, a method that is used for the second time in Portugal.
Most banks have focused on making information available online which insistently warns customers not to provide confidential access information to their bank requested through email, customer contact policy that banking institutions do not use to update information.
Along with the provision of information, CGD guarantees that it maintains a constant investment in the security of its homebanking and coordinated action with the authorities whenever a problem is detected.
António Filipe stresses that the group is aware of this phenomenon and is aware that this is one of the fastest growing computer threats and for which the forecasts continue to grow, as indicated by the reports of most security companies.
With regard to banking, the official considers that these predictions are justified by the weak possibilities of success of other types of attacks – by the sector’s strong investments in the area of security – that made hackers focus their efforts on a type of crime «that requires little sophistication and that addresses the user directly «.
On the user side, it is also recognized that there is now a greater awareness of threats online. In the case of CGD, the bank assumes that the customer is better informed about this type of threats due to the decrease in the number of contacts received whenever there is an attempted attack.
Millenniumbcp also assured TeK that the new attack attempt «had no significant impact». The bank’s institutional source adds that it is necessary to «consider, increasingly, attacks by phishing as «normal» … There are thousands around the world, above all directed at financial institutions «.
Millenniumbpc also has no note of successful attack attempts.
Cristina A. Ferreira
2007-01-02 – Phishing attacks increase 56 percent in 2006