Alerts E-Threats

Music Website Hacked to Dump Phishing Page and Target Sparkasse Clients

Sparkasse clients are targeted by a new phishing campaign created in German on a hacked music website. With a page resembling that of an authentic banking institution, cyber-criminals are able to steal Germans’ pins and IDs and empty their accounts. The banking details are also used for identity theft and further fraudulent schemes.

The phishing attack starts with an e-mail, allegedly from Sparkasse Customer Service. As in most phishing attacks, cyber-criminals create a sense of urgency by tricking Germans their banking account will soon expire, so they have to enter their data fast to make sure the account will be back on track.

“Please note that your online access to your account will soon expire,” the spam e-mail reads. “To continue this service without interruption, please click on the icon below to manually update your account. After completing the instructions to update the account, your online access to your account will be automatically restored and no further action will be required of you.”

Interestingly, phishers have breached a poorly crafted music website registered in the US and dumped the malicious web page in a folder. This is what makes the redirecting URL look like “http://music [link removed]/sparkasse.”

“Sparkasse” phishing attacks have been circulating for over five years. The German bank reminds clients to ignore e-mails from unknown sources and never give out their PIN and TAN.

“Even if you are prompted by seemingly reputable institutions, [don’t do this],” Sparkasse representatives said. “Sparkasse will not personally ask your data by e-mail or phone, nor ask for your online banking details or to open websites in an e-mail to enter account information there.”

Last month, Germans have also been infected with the Gamarue Trojan after clicking on a fake Deutsche Bahn ticket reservation. The same malware stole their personal details with a bogus FedEx shipment notification. Another recent phishing attack targeted HypoVereinsbank clients.

Bitdefender also offers some tips and tricks for users exposed to such phishing attacks:

  • Before typing your PIN and Transaction Authentication Number (TAN), verify that the URL in the address bar of your browser begins with “https://” instead of “http://” Remember that banking websites are encrypted.
  • Keep your computer up-to-date with antivirus software, operating system patches, firewalls and licensed software.
  • Be wary of unsolicited emails or phone calls asking you for PINs or passwords – your bank or other institutions would never ask for these in full, especially by e-mail.
  • Always type your bank’s address directly into the web browser – never follow a link in an email to enter personal details. Be careful with your browsing history and unable the option that saves all your passwords. In case the browser has vulnerabilities exploited by hackers, your credentials are also at risk. Avoid saving your banking details on the hard disk. You can always use a secured online browser such as Bitdefender Safepay.
  • Don’t click unexpected or suspicious pop-ups appearing during your online banking session and be careful when opening e-mail attachments. Some come loaded with banking Trojans.
  • Avoid making online payments and transactions via public computers and Wi-Fi networks.

About the author


Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.