Subscribe

Russians go phishing in SA

By Tracy Burrows, ITWeb contributor.
Johannesburg, 19 May 2005

Standard Bank has shut down a site that tried to phish for its clients' banking details. However, security experts warn that South Africans haven't seen the last of the Eastern European phishers.

The Eastern Europe site was shut down after hoax e-mails purporting to come from the bank began circulating in SA this morning, asking recipients to follow a link to confirm their online banking user names and passwords.

The attack was the latest to be directed at South African online banking clients this week.

Two days ago, First National Bank (FNB) clients were targeted in a similar hoax, in which they were directed to the genuine FNB site, but required to put their details into a pop-up box that linked to a site in Russia.

Herman Singh, Standard Bank director for technology engineering, says the bank was alerted to the matter this morning, and shut down the site linked to the e-mails within a matter of hours.

The bank has also put warning notices on its Web site and is scanning its systems to check for any suspicious transactions that could be linked to a phishing scam. None have been found yet, he says.

Singh says Standard Bank uses the services of New York-based e-commerce anti-fraud company Cyota, which scans around eight billion pages on the Internet every few hours, looking for suspicious references to Standard Bank. The firm works closely with Interpol and the Internet community to crack down immediately on cyber scams such as this one, he says.

While the local banks have been quick to respond to this week's phishing attacks, Martie Odendaal, marketing and communications spokesman for security service provider ISA, says there is some concern about the magnitude of the latest attacks.

"These phishing guys move very quickly. There is a network of 'ghost sites' scattered around Europe, which open and close very quickly. So the links from the phishing e-mails die within hours, making it harder to close the phishing operation down. Everything about them is so much more professional than anything we have seen here in the past."

Odendaal says she has heard rumours about another South African financial institution targeted in exactly the same way this week. "If that is three in a week, it starts looking like just a drop in the bucket. I wouldn't be surprised to see similar attempts on other South African financial institutions very soon."

Absa Bank has warned its clients that there is a possibility they could be targeted too, and has posted a warning on its Web site.

Related stories:
Standard nets phishing sites
Hoax mail tries to crack FNB passwords

Share