Big German banks hit by phishing attacks

Two of Germany's biggest banks became the latest victims of phishing attacks last week as internationally organised criminal...

Two of Germany's biggest banks became the latest victims of phishing attacks last week as internationally organised criminal groups roam the globe seeking new targets, according to a spokesman at Postbank.

Postbank suffered its second phishing attack on Thursday (19 August), less than four weeks after the bank's first-ever assault, and was linked to a separate strike on Deutsche Bank.

Phishing attacks use spoofed e-mail and fraudulent websites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial theft or identity theft.

Until recently, most phishing attacks have been aimed at customers of banks in English-speaking countries, such as the US, UK and Australia, but "over the past few weeks, we've seen a shift to countries like Brazil and now Germany", said Mikko Hyppönen, director of anti-virus research at F-Secure.

Last month, several Brazilian banks were the target of what Hyppönen called a "combo attack". E-mail messages were distributed with a Trojan worm that would monitor visited sites. When customers typed the URL or the bookmarked URL of their banks, web pages appeared that looked like their banks', allowing criminals to steal sensitive information, such as passwords and credit card numbers.

"These pages were very difficult to detect, even for alert online banking customers," Hyppönen said. 

Although the German phishing attacks appear to be less sophisticated, bank officials here have expressed concern that they may now be on the radar screen of international phishing rings.

"The first attack about four weeks ago came from Russia," said a Postbank spokesman. "The second attack appears to have originated in Asia. Who knows where the next one will come from."

The most recent attack came late Thursday via an e-mail written in German. It warned customers of a security risk, asking for their Pin and a Tan (transaction number) to resolve the problem.

"We worked together with the police to shut down this site by Friday," the Postbank spokesman said. "We also alerted customers immediately on our website."

The earlier phishing attack on the Postbank came in the form of an e-mail written in English. "This e-mail really stuck out because we never send any correspondence to customers in English," he said.

Postbank, which was spun off of the former German public administration for post and telecommunications, is one of the country's largest consumer banks with 11 million customers of whom nearly 1.7 million have online banking accounts.

The Postbank phishing attack also extended to Deutsche Bank whose customers received an e-mail, with the pseudo Postbank address, directing them to a page similar to Deutsche Bank's.

"This attack wasn't very professional, to say the least," a Deutsche Bank spokesman said. "We moved immediately to block the corrupt link."

Deutsche Bank has posted an alert to customers on its website, telling them never to respond to an e-mail requesting personal data, such as passwords, Pins or Tans.

John Blau writes for IDG News Service

Read more on IT risk management