New Phishing Scheme Targets Abbey E-Mortgage Clients

Large spam wave faking bank alert hits inboxes.

One of the most counterfeit bank identities in the world,
Abbey, which ranked the eighth in our latest E-Threats
Landscape Report
, got again the phishers’ attention.

The unsolicited message sent on behalf of Abbey Anti-Fraud
Team warns the bank customers about the alteration of their accounts. Hence, it
asks them to update the compromised information by accessing the page provided
in a hyperlink.

Phishing Abbey

The link does not lead to the on-line bank portal, but to a
Web page that employs several visual identification components of the original
Web site, namely the bank logo and the general formatting elements.

Phish Abbey

Few details: even though all menu options are available,
clicking any of them will return a “404 Page Not Found” message. Moreover, one
can easily see that the Web page address mimicking the genuine Web site loads from
a different domain (.net instead of

Also, there are no specific security elements, one could
expect to find on an e-banking site, namely SSL encryption (Secure Socket
Layer) and security authentication methods (no “https” prefix and locked padlock).

The analysis of source code revealed that the sensitive data
are stolen using a single PHP script (loginphish.php), that records and sends
to a remote database the card number or personal ID, passcode and registration

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples, messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.