A sophisticated phish

Avoiding phishing is simple. All you have to do is not open any incoming e-mails sent to you by PayPal, eBay, Bank of America, < insert any other online bank or financial service here >. You also have to delete them immediately. Not because we don’t want you to trust reputable, well-known companies like those listed above. Not at all! The reason is different.

A trustworthy company will never ask you to submit your login name, password, bank account details or credit card number by e-mail. Such a company will never demand that you change your password immediately or else have your account blocked. PayPal, eBay, Bank of America, Nationwide or e-gold, which actually are reputable, trusted companies, do not send dubious e-mails and notifications. They even warn customers of the latest scams and phishes.

Yet many users are still fooled by obvious, ridiculous tricks involving “bank” e-mails and “true, not fake” web sites. Such phishes fool only inexperienced users, however, while the latest one might trick even security-savvy people.

The newest Citibank phish is one of the most sophisticated phishes ever. It all starts with a scam e-mail saying that “our security system detected an unsuccessfull access attempt to your online account from Ip address 81.190.253.29”. The letter asks you to “confirm your current address or change it online”. If you do not confirm your address, “your account will be SUSPENDED for security reasons”. However, the phishers promise to send “an Activation Code” for renewing “your online banking service access”.

The e-mail is of high quality, with only a few mistakes and typos. But the letter is not the interesting part. The interesting part is the web site reached by clicking on the link provided. The site you get is an absolute twin of Citibank’s Citibusiness login page, and it even has a long address typical of most secure sites. The only difference is that this address does not end with “citibank.com”, but with “citibank.com.tufel-club.ru”, and the latter belongs to a web site in Russia.
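The hostname check that separates “citibank.com” from “citibank.com.tufel-club.ru” can be automated. The following Python sketch is an added example, not part of the original article; the function names and the sample URLs (schemes and paths included) are constructed for illustration.

```python
from urllib.parse import urlsplit


def hostname_of(url):
    """Return the lowercase hostname of a URL, without a trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_link(url, trusted_domain):
    """Classify a link against the domain the e-mail claims to come from.

    'trusted'   - the host is the trusted domain or one of its subdomains
    'lookalike' - the trusted name appears in the address but the host
                  does not end with it (the trick described above)
    'unrelated' - the trusted name does not appear in the address at all
    """
    trusted = trusted_domain.rstrip(".").lower()
    host = hostname_of(url)
    # What matters is the END of the hostname, compared on a label
    # boundary: "x.citibank.com" passes, "notcitibank.com" does not.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # The brand shows up somewhere in the authority part (as leading
    # labels, or before an "@"), but the real host is someone else's.
    if trusted in urlsplit(url).netloc.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; only the host suffix
    # "citibank.com.tufel-club.ru" comes from the article.
    samples = [
        "https://www.citibank.com/login",
        "https://citibank.com.tufel-club.ru/login",
        "https://citibank.com@tufel-club.ru/login",
        "https://example.org/newsletter",
    ]
    for link in samples:
        print(f"{classify_link(link, 'citibank.com'):10} {link}")
```

A mail filter or a link-preview tool can apply the same comparison to every link in a message that claims to come from a given bank.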

The fake site asks not only for the login name and password, but also for a token-generated key, which can only be generated by a Citibank token. Security-savvy people might want to check whether the site is legitimate by entering fake information. But the new phish can handle this. It acts as the “man in the middle”, passing the login credentials to the genuine Citibank login page and returning the results, so phishers get access only to real user bank accounts.

This technique makes the victim think that the site is fully legitimate. Typical phishes never ask for additional protection codes, because they are impatient for the victim’s bank account details and credit card numbers.

Fortunately, the sophisticated Citibank phish site has been shut down. But this first ever case of using a “man-in-the-middle” attack has shown that even security-savvy people can be fooled. Phishes are becoming more complex and well-thought-out. Beware!

