Wednesday, January 26, 2011

Massive Online Bank Phishing Attacks in China

We have noticed a wave of SMS-based web phishing attacks in China targeting Bank of China online banking users. Users receive a phishing SMS designed to look as if it was sent by Bank of China as a reminder to its customers. The message reads: “Dear user, your token has expired, please visit http://www.boc**.com to reactivate your token”. The URL resembles the bank’s official website address but points to a phishing site that closely imitates the original bank website.

On this bogus website there is a button at the top right that reads “Upgrade your token”.

Once the user clicks this button, they are redirected to a page that mimics the normal online-banking login page. The criminals collect everything they need to steal money from the victim’s account: user ID, password and the current token code.

This information is used immediately, before the one-time token code expires, to transfer money from the victim’s account into the attacker’s account. Because the code is relayed in real time, the short lifetime of the token code gives the victim no protection.

Many technologies are designed specifically to protect against phishing, including tokens, certificates, dongles, etc. But even though BOC uses tokens to strengthen online-banking security, customers still need to take care to avoid this kind of phishing attack: a one-time code only stops an attacker who obtains credentials and uses them later, not one who uses them within the code’s validity window.
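To make concrete why the token does not help in the relay described above, the following added Python example (not code from the original post, and not Bank of China’s actual token scheme, which the post does not describe) simulates the attack with a generic HOTP/TOTP-style code and, for contrast, a code that is bound to the transaction’s destination account and amount. The seed, account numbers, amount and the 60-second step are constructed for the demonstration and are assumptions.

```python
"""Why a phished one-time code works for the attacker when replayed immediately,
and why binding the code to the transaction closes that window.

Added illustration, not code from the original post.  The bank's real token scheme
is unknown, so HOTP/TOTP-style codes and a 60-second step are assumptions."""
import hashlib
import hmac
import struct

STEP_SECONDS = 60                                    # assumed token lifetime
DEMO_SEED = b"constructed demo seed, not a real token seed"

VICTIM_ACCOUNT = "6222-0000-0000-0001"              # constructed sample accounts
ATTACKER_ACCOUNT = "6222-9999-9999-9999"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % 10 ** digits:0{digits}d}"


def time_code(seed: bytes, now: int) -> str:
    """Plain time-based token: the only input is the current time step."""
    return hotp(seed, now // STEP_SECONDS)


def transaction_code(seed: bytes, dest_account: str, amount_cents: int, now: int) -> str:
    """Transaction-signing token: the code also commits to destination and amount,
    so a code captured for one transfer cannot authorise a different one."""
    txn_key = hmac.new(seed, f"{dest_account}|{amount_cents}".encode(),
                       hashlib.sha256).digest()
    return hotp(txn_key, now // STEP_SECONDS)


def bank_accepts_time_code(seed: bytes, code: str, now: int) -> bool:
    return hmac.compare_digest(code, time_code(seed, now))


def bank_accepts_transaction_code(seed: bytes, code: str, dest_account: str,
                                  amount_cents: int, now: int) -> bool:
    return hmac.compare_digest(code, transaction_code(seed, dest_account, amount_cents, now))


def relay_time_code(now: int, delay_seconds: int) -> bool:
    """The phishing site captures the victim's code at `now`; the attacker submits it
    `delay_seconds` later for a transfer to their own account.  True = bank accepts."""
    phished = time_code(DEMO_SEED, now)
    # the destination account plays no part in the code, so only timing matters
    return bank_accepts_time_code(DEMO_SEED, phished, now + delay_seconds)


def relay_transaction_code(now: int, delay_seconds: int, amount_cents: int = 500_000) -> bool:
    """Same relay, but the victim's token signed the transaction the victim actually saw
    on the token display (assumed here: a transfer to their own account).  The attacker
    swaps in their own account as destination.  True = bank accepts."""
    phished = transaction_code(DEMO_SEED, VICTIM_ACCOUNT, amount_cents, now)
    return bank_accepts_transaction_code(DEMO_SEED, phished, ATTACKER_ACCOUNT,
                                         amount_cents, now + delay_seconds)


if __name__ == "__main__":
    now = 1_200_000_000      # constructed timestamp, aligned to a step boundary
    print("time-based code relayed 20 s later to attacker's account:",
          relay_time_code(now, 20))                 # accepted: still inside the window
    print("time-based code relayed after the step expired:",
          relay_time_code(now, 60))                 # rejected: the code has expired
    print("transaction-bound code relayed 20 s later to attacker's account:",
          relay_transaction_code(now, 20))          # rejected: wrong destination
```

The binding only helps if the token displays the destination and amount it is signing and the customer reads them: a phishing page can still tell the victim to type the attacker’s account number into the token as an “activation code”, which is why the post’s advice that customers must stay alert holds even with a better token.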
