[ISN] Phishers Hack Bank Sites, Redirect Customers

InfoSec News isn at c4i.org
Wed Mar 29 03:40:21 EST 2006


By Rich Miller
March 27, 2006

Phishing scammers recently hacked the web sites of three Florida banks 
and redirected their customers to spoof pages, marking an apparent 
milestone in phishers' use of bank web sites to construct more 
credible frauds. Previous scams have managed to manipulate financial 
sites through cross-site scripting and cross-frame content injection, 
but didn;t gain access to the server hosting the banks' site.

Not so for the attack on Capital City Bank, Wakulla Bank and Premier 
Bank in northern Florida. On March 14 hackers were able to break into 
the servers of ElectroNet, a Tallahassee, Fla. service provider which 
hosted the web sites for all three banks. The main business URL for 
the banks' were redirected to identical spoof sites on offshore 
servers, which asked customers to provide their login details.

The intrusion was detected about an hour after it started, ElectroNet 
CEO Allen Byington told the Tallahassee Democrat. Byington said that 
ElectroNet stores no confidential data on its computers and that the 
company was "working closely" with law enforcement agencies 
investigating the incident. The banks' sites were shut down for 
several days, and bank officials said the financial losses were 
"minimal," and that any customers who lost money were reimbursed by 
their respective banks.

Since the attackers redirected bank customers to spoof sites hosted 
elsewhere, this type of attack could be detected by users of the 
Netcraft Toolbar, which displays the name and location of a site's 
hosting service.

More information about the ISN mailing list