Aussie bank customers hit by advanced phishing techniques

Reports from Australia suggest that some of the phishers are using highly advanced scamming techniques to extract the data - including asking email recipients to phone into an automated 'call centre' and so allay the fears of even the most tech-savvy of internet users.

The phishers also appear to have rediscovered the art of using images, rather than text, to bypass anti-phishing/spamming software.

Interestingly, Infosecurity notes that some of the phishers are reportedly using a pixel-shifting technique to ensure that different emails have different images, so avoiding pattern analysis security software.
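To show why per-email pixel shifts defeat exact-match image signatures while a perceptual hash still groups the variants, here is an added example (not from the article or any product it mentions). The 32x32 grey-level images, the average-hash method and the 8-bit distance threshold are all constructed assumptions.

```python
import hashlib

BG, FG = 220, 30  # constructed grey levels: light background, dark banner

def lure_image(w=32, h=32):
    """Constructed stand-in for an image-only lure: dark banner on light ground."""
    return [[FG if 8 <= y < 24 and 6 <= x < 26 else BG for x in range(w)]
            for y in range(h)]

def checkerboard(w=32, h=32):
    """Constructed unrelated image used as a negative control."""
    return [[FG if (x // 4 + y // 4) % 2 == 0 else BG for x in range(w)]
            for y in range(h)]

def shift_right(img, n=1):
    """Pixel-shifted variant: slide every row n pixels right, pad with background."""
    return [[BG] * n + row[:-n] for row in img]

def sha256_of(img):
    """Exact-match signature over the raw pixel bytes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, size=8):
    """64-bit aHash: block-mean downscale to size x size, threshold at the mean."""
    bh, bw = len(img) // size, len(img[0]) // size
    cells = []
    for cy in range(size):
        for cx in range(size):
            block = [img[y][x] for y in range(cy * bh, (cy + 1) * bh)
                     for x in range(cx * bw, (cx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | int(c < mean)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def same_campaign(a, b, max_distance=8):
    """Assumed threshold: at most 8 of 64 bits differ means 'same artwork'."""
    return hamming(average_hash(a), average_hash(b)) <= max_distance

if __name__ == "__main__":
    base = lure_image()
    for name, img in [("shift 1px", shift_right(base, 1)),
                      ("shift 2px", shift_right(base, 2)),
                      ("unrelated", checkerboard())]:
        print(name, sha256_of(img) == sha256_of(base),
              hamming(average_hash(img), average_hash(base)))
```

A perceptual hash tolerates small shifts only; images whose embedded text changes substantially would need additional signals such as OCR on the image content.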

The Commonwealth Bank says it is working with the Australian Federal Police's High Tech Crime Centre to track down the phishers, although the scammers appear to be using anonymiser services to hide their IP trails.

The surge in phishing attacks also appears to have been going on for some time in Australia, with the Australian Payments Clearing Association reporting a 33% increase in phishing volumes in 2008 compared to 2007.

What is interesting about the phishing emails is that, as well as rotating images and email addresses, the scammers are using different text within the image to escape detection.

The text asks recipients to contact an automated call centre in order to unlock an account, activate a card, claim a fee refund, update internet banking details, view an important security message or complete a survey in exchange for payment.

The final step in the rotational process is the use of multiple landing pages: users who click on the links in the mail are taken either to pages that infect them (with different viruses) or to a landing page requesting details of their account(s).

Judging from reports on several Australian security forums, the phishing techniques used by the scammers are highly sophisticated and represent a sea change in the way phishers operate, Infosecurity notes.
