Standard Bank confirmed that it blocked another phishing attack launched against its clients this morning, saying the attack was a recurrence of a threat experienced earlier this month.
However, the phishing attack, which was aimed at scamming clients into supplying their online passwords and other information by luring them to fraudulent sites that appear to be those of banks or other legitimate businesses, was reportedly not aimed exclusively at the bank.
While the bank's clients were targeted by e-mail, addressees also included non-Standard Bank clients, says Standard Bank director of IT security, Louis Lehmann.
"This was an indiscriminate attack," he says, adding that it appeared to be a recurrence of a similar attack launched against the bank on 1 November.
The earlier attack was said to have originated in the Eastern Bloc and Standard Bank implemented countermeasures to combat the threat.
"The relevant measures are in place and have rendered the phishing attack ineffective," Lehmann says.
He adds that Standard's one-time password is a two-factor authentication method, in terms of which the delivery of a second password occurs independently of the Internet banking session used by the client.
The second password is system-generated and delivered to the client's cellphone or e-mail address. The one-time password is used for profile updates, PIN resets, beneficiary additions and amendments or for one-off payments.
"We are currently closely monitoring the situation," Lehmann says.
Related story:
Standard Bank thwarts phishing attack
Share