
A Surprisingly Successful Phishing Exercise

Oscar Foulkes, July 22, 2010

Over the past week this site has been hacked by scammers operating phishing campaigns. The first one targeted HSBC clients. No sooner had I killed this one than they launched one for Alliance & Leicester. With some additional technical assistance the problem now seems to have been fixed.

I can’t say I’m in the least bit surprised that the source of the ‘hack’ was a computer in Nigeria. The part that has surprised me is the number of people around the world who fell for it, which I can see by the traffic to the scammers’ pages.

Banks are constantly warning clients about phishing. The media carries phishing stories on a regular basis, so one wouldn’t think that it would be necessary to say anything more about the practice. However, the dozens (if not hundreds) of visitors to the forged pages on suggest that another warning voice is necessary.

OK, here goes: phishing (derived from ‘fishing’, for obvious reasons) involves emails purporting to be from a bank (often looking quite authentic), asking recipients to confirm their login details. These are harvested on a forged web page (like the one they set up here). The scammers then use the login information to clear out the accounts of the people they’ve caught out.

Of the Alliance & Leicester traffic, I saw at least one (perhaps several) visitors get as far as – and maybe beyond – a page called ‘login’, which indicates that there are more gullible people in the world than one would expect.

As a rule of thumb, your bank will never ask you to confirm your login details. Ensure that the site you’re logging onto is, in fact, your bank’s own website.

We spend a lot of time coaching our kids on safe internet usage; perhaps it’s the adults that need it more!
