MISCELLANEOUS

Phishers Deliver new Egg(TM) Recipe

A new

Watch out which basket you put your eggs in. It might take them completely off your hands. Sci-fi as this may sound, it applies perfectly to a very down to earth phishing attempt targeting the users of EggTM, the “largest pure online bank”, which provides borrowing, saving and insurance services.

As always where there’s money and a chance of snatching users’ sensitive data to get to it, in pop the phishers! Nothing out of the ordinary at first. A fake EggTMlogin page web is set up to steal users’ identification data. Ironically enough, an anti-phishing warning is displayed right next to the login form, which makes the whole thing look very real.

egg secure

Fig. 1 The fake web page used for phishing

This is when the special nature of this phishing mechanism reveals itself: it unfolds in the blink of an eye. After the EggTMcustomers input their data, the respective page disappears, giving them the impression that it mysteriously refreshed or that an accidentally pressed key made it go away. The trick is likely to work as the respective customers are instantly redirected to the actual EggTMweb page, which makes the previously described scenario quite plausible. Therefore, if they do not suspect anything, customers will input their data once again and go on with their activities without being aware that somebody else has the means to access their funds.

Here are a few things you should keep in mind to stay on the safe side of things when making transactions online:

• Make sure you always activate or turn on your antiphishing or phishing filter, as well as any other security applications or suites before browsing to your e-banking account. Ideally, you should install, activate and update a reliable security solution.

• Double-check the URL of the page you are on, especially if you are required to fill in credit card information.

• Make sure that the e-banking Web site uses SSL encryption (Secure Socket Layer) and security authentication methods – look for the “https” prefix and the locked padlock. If you are requested to accept a certificate for the session, check that the name on the certificate matches the name of the institution you wish to deal with and that the certificate is signed by a known Certificate Authority such as Thawte™ or VeriSign® before accepting.

• NEVER disclose your PIN to anyone, under any circumstances.

• Avoid using a non-secured computer (like a friend’s desktop or job colleague laptop). Still, if you are forced to do so, make sure you at least run BitDefender’s advanced scanning on-line tool, Quick Scan, before proceeding.

• Do not check your e-banking account from public computers connected to Internet (like those in a library or Internet Café).

About the author

Sabina DATCU

Sabina Datcu, PhD has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP 5 and FP6 European projects, as researcher in Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.