CommBank cops sustained online fraud attack - Security - Technology - smh.com.au
Asher Moses
June 2, 2009 - 3:25PM
Commonwealth Bank customers are being inundated with phishing attacks, some at a rate of several scam emails a day, sent by cyber criminals seeking to steal passwords and credit card details.
The scammers, who are specifically targeting the bank in a sustained assault, are bombarding customers with several clever variations of the email ruse - such as using bogus call centres - in an attempt to hook even tech-savvy web users.
The emails have largely managed to evade spam filters using methods such as images instead of text.
Commonwealth Bank spokesman Steve Batten said the bank was working closely with the Australian Federal Police's Australian High Tech Crime Centre to track down the scammers. However, the bank appears to be losing the war.
"As soon as we close them down they are opening up elsewhere," Batten said.
This is backed up by figures from the Australian Payments Clearing Association, which reported a 33 per cent increase in both the volume and value of fraudulent online payments in Australia for the year ended December 31, 2008.
The scam emails, which look authentic and include the Commonwealth Bank's logo, try to trick the victim into handing over sensitive information by telling them they need to unlock an account, activate a card, claim a fee refund, update internet banking details, view an important security message or complete a survey in exchange for payment.
When the victim clicks on the link in the email, they are either infected with a password-stealing virus or presented with an official-looking page that asks them to enter their details, which are then harvested by the fraudsters.
Continue Reading
Editor's Note: An "Official Looking" page is officially "USELESS" if banks "required" their customers to "Swipe" their "bank issued" card and Enter the "bank issued" PIN.
Banks wouldn't be "losing the war" they would be closing down the "Phisheries."
With HomeATM's PCI 2.0 Certified PIN Entry Device, the card holder data is NEVER in the clear.
End Result: Our SwipePIN device eliminates the threat of "phishing" it eliminates the threat of a "cloned website" (i.e. "official looking page") and it enhances security for online banking with 2FA, 3DES E2E Encryption protected by DUKPT.
I'm relatively "puzzled" as to banks don't see this as clearly as hackers see cardholder data.