Big German banks hit by phishing attacks

Two of Germany's biggest banks became the latest victims of phishing attacks last week as internationally organized criminal groups roam the globe seeking new targets, according to a spokesman at Postbank.

Postbank suffered its second phishing attack on Thursday, less than four weeks after the bank's first-ever assault, and was linked to a separate strike on Deutsche Bank.

Phishing attacks use spoofed e-mail and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial theft or identity theft.

Until recently, most phishing attacks have been aimed at customers of banks in English-speaking countries, such as the US, UK and Australia, but "over the past few weeks, we've seen a shift to countries like Brazil and now Germany," said Mikko Hyppönen director of antivirus research at F-Secure in Helsinki.

Last month, several Brazilian banks were the target of what Hyppönen called a "combo attack." E-mail messages were distributed with a Trojan worm that would monitor visited sites. When customers typed the URL (uniform resource locator) or the bookmarked URL of their banks, Web pages appeared that looked like their banks', allowing criminals to steal sensitive information, such as passwords and credit card numbers.

"These pages were very difficult to detect, even for alert online banking customers," Hyppönen said.

Although the German phishing attacks appear to be less sophisticated, bank officials here have expressed concern that they may now be on the radar screen of international phishing rings.

"The first attack about four weeks ago came from Russia," said a Postbank spokesman. "The second attack appears to have originated in Asia. Who knows where the next one will come from."

The most recent attack came late Thursday via an e-mail written in German with several grammatical mistakes. It warned customers of a security risk, asking for their PIN (personal identification number) and a TAN (transaction number) to resolve the problem.

"We worked together with the police to shut down this site by Friday," the Postbank spokesman said. "We also alerted customers immediately on our Web site."

The earlier phishing attack on the Postbank came in the form of an e-mail written in English. "This e-mail really stuck out because we never send any correspondence to customers in English," he said.

Postbank, which was spun off of the former German public administration for post and telecommunications, is one of the country's largest consumer banks with 11 million customers of whom nearly 1.7 million have online banking accounts.

The Postbank phishing attack also extended to Deutsche Bank whose customers received an e-mail, with the pseudo Postbank address, directing them to a page similar to Deutsche Bank's.

"This attack wasn't very professional, to say the least," a Deutsche Bank spokesman said. "We moved immediately to block the corrupt link."

Deutsche Bank has posted an alert to customers on its Web site, telling them never to respond to an e-mail requesting personal data, such as passwords, PINs or TANs.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about Deutsche BankDeutsche BankF-SecurePostbank

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by John Blau

Latest Videos

More videos

Blog Posts