“We are presently observing an unusual increase in phishing attacks across the industry and would like to warn bank clients to be extra vigilant,” said Sabric chief executive officer Kalyani Pillay.<\/p>\n
“The worrying trend about the recent surge in phishing attacks is that the phished information is now being used by criminals quicker than in the past,” she said.<\/p>\n
The period between the compromising of banking customers’ information and its use had narrowed.<\/p>\n
“We also observe an unusual level of persistence accompanying the latest attacks. There are incidents where people are receiving the same phishing email daily,” Pillay said.<\/p>\n
“Phishing” involves criminals deceitfully obtaining bank clients’ personal information such as passwords, identity numbers and credit card details by sending emails that look as if they have been sent by banks.<\/p>\n
Typically, phishing emails were sent to millions of bank clients asking them to click on a link to access information purporting to be from the bank or to update their details, Sabric said.<\/p>\n
Instead, they were directed to a fake website which appeared almost identical to the legitimate bank’s website and were tricked into disclosing their personal information on bogus online forms on that site.<\/p>\n
The criminals used the information to commit fraud.<\/p>\n
The recent phishing attacks were made to resemble security alerts from banks’ on-line or security divisions and required more detailed customer information.<\/p>\n
“The current crop of spam requires customers to confirm information such as cellphone numbers and email details,” said Pillay.<\/p>\n
“This is done purely for purposes of intercepting customers’ one-time-password (OTP),” she said.<\/p>\n
They did this through cellphone SIM swaps or by asking bank customers to confirm their OTPs immediately after accessing the account with the phished information.<\/p>\n
“Sabric advises bank clients to ignore any emails that require them to provide personal information, even if the emails look credible or seem to contain very useful information.<\/p>\n
“Some of the spoof sites… contain what would appear, to unsuspecting eyes, to be crime awareness information on phishing.”<\/p>\n
Pillay said it only took a few successes to make the attacks a worthy and profitable undertaking for cyber criminals.<\/p>\n
She said people who suspected they might have already responded to emails requesting their personal information should immediately notify their banking institutions.<\/p>\n