| |
Phishing for bank details in Portugal20 June 2005
So-called ‘phishing’ attacks involve trying to fraudently obtain personal data, particularly banking information, from Internet users.
Such attacks first hit the USA, UK and Australia in 2003, but it’s a new phenomenon in Portugal. |
In February 2005, the Anti-Phishing Work Group reported 2625 active phishing sites. This represented a 26% increase since July 2004. These sites are mostly hosted in the USA, China, North Korea and Brazil.
In recent weeks, Portuguese email addresses have also been targeted. Messages purporting to come from Portuguese banks ask the reader to ‘update’ personal banking data. The fraudsters behind these actions reproduce the banks’ website designs to try and deceive the recipient into believing the request is genuine.
The messages typically cite system failures as the reason for requiring an update. They claim the user must give personal and banking information to be able to use the online banking services again.
The victims only realise the fraud much later, when they are required to pay for purchases they never made. In some cases, new bank accounts have been opened and money transferred from the victim’s accounts.
Some banks have reduced the amounts that can be transferred online to try and limit the risk. Banks report that their systems are protected and have not been affected by these attacks, but the police state that banks are not investing enough in their protection.
| Author: |
Ida Brandão, SeguraNet Project |
| Published: |
Tuesday, 21 Jun 2005 |
| Last changed: |
Tuesday, 25 Oct 2005 |
|
|
