Bank "phishers" hook up from Russia

After several months of leisurely hijacking servers at a Floridian ISP to launch attacks on unwitting Australian bank customers, crooks engaged in so-called 'phishing' expeditions have shifted the launch pad of their spam attacks from the US back to Russia.

The spam attacks, which ubiquitously solicit recipients to go to a spoofed bank Web site with a tweaked log-in panel, are now believed to be the work of a single and highly organised Russian Internet crime gang, the Australian High Tech Crime Centre's manager of investigations, federal agent Nigel Phair, confirmed to Computerworld.

While circumspect about what stage AHTCC investigations are at, Phair said that the Australian Federal Police's overseas liaison network will be used when and where it is necessary and described the assistance rendered so far as "absolutely sterling".

"[The spam attacks] just crop up. We're gathering intelligence and deploying resources as we see fit. I can't comment much further because it's an ongoing [operation]. It's true that we need to continue to educate the public, but we also need people to pursue investigations [with the view] to prosecuting those responsible. We have to work within the boundaries of international law," Phair said.

Given such boundaries and the logistical challenges they create, Phair said educating the public not to fall for such scams will continue in earnest, noting that "there's no problem with the [Internet banking] infrastructure, there are just people out there trying to defraud people of money."

Director of IT security and interception technology vendor Universal Defence, Umar Goldeli, said that while phishing scams had now become common, they are far from technical feats.

"These attacks are classic examples of social engineering. They are not brain surgery. These sort of investigations are very time critical, so getting results largely depends on the cooperation and assistance of other jurisdictions," Goldeli said.

Asked if the banking community in Australia had overcome its well-known reticence to seeking the assistance of law enforcement, Phair said that banks to date had been "extremely cooperative".
