How greedy can you be?

No legitimate site will ever request your ATM PIN, under any circumstances

Phishing. This is a widespread phenomenon that affects lots of trustworthy entities, whether  a bank, an online paying system, an e-mail service or an online game. Cybercriminals want to get their hands on your credentials, no matter where they are used.

These days, searching for phishing sites, I found one that got my attention immediately. Quite different from the others, this fake log-in site was using an online paying system image. The targeted legal entity is irrelevant here because when I accessed the original site, I immediately discovered that it didn’t even have a log-in section.

What made this  phishing site so special was its thirst for knowledge. Jokes aside, there’s an impressive list of personal data that this phishing wonder requests: bank account, id and password, email address and password, phone number, ATM Card number and its PIN.


Lots of confidential information there, isn’t it?

I don’t know if this site was accessed or not. Its creators have been exaggeratedly greedy, but, at least,  no one can blame them for not doing their best (although the manual of phishing basics clearly states that the mother’s maiden name is an absolute must).

No rocket science here. Just plain brazenness. Therefore, be careful what information you submit in various online forms and remember that no legitimate site will ever request your ATM PIN, under any circumstances.

Some information in this article is available courtesy of a cybercriminal.

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.