New tactics are being used by phishing scammers, in a bid to lure unsuspecting users into revealing confidential bank account details.
Charles Heunemann, managing director Australia/New Zealand at SurfControl, told iTnews that this latest method calculated where the URL bar would be and put an image over it, to make it look like the bank's real website.
This latest scam targeted customers of a US bank.
Heunemann said that while he couldn't put a figure on how many people were taken advantage of in scams like these, “people doing phishing generally send out millions and millions of emails”.
“As people are getting smarter, the people doing the phishing are getting more determined,” he said. “Phishing scammers are going to get more determined and more creative.”
This latest incarnation of phishing scams was a clear example that the scammers were getting more sophisticated, Heunemann said. “We were surprised at how clever and simple [the latest one is].”
“Previous phishing scams have used flaws in Internet Explorer or other methods that have since been patched by Microsoft, but this method is very unique and will work across a majority of browsers, so people must be wary,” he said. “It is a very different approach to anything we've seen before and I think we'll see other phishers picking up the technique.”
The number of phishing scams was growing, according to a statement from SurfControl. The company's Australian Internet Research Centre found that the number of documented scams had grown 477 percent since January this year.
Users were also being urged to be wary.
SurfControl's Heunemann said that users should be wary of any email that asked for their password details, and should never click through from a link in an email to a banking website.
In an interview with iTnews, a spokesperson for the Commonwealth Bank said that it had been the target of two episodes of phishing over the last six months, which prompted it to issue potential fraud alerts to its internet banking users. “There's no doubt they [phishing scams] are becoming a lot more convincing,” he said.
“The alert advises people that this attempt at fraud is occurring and if they receive the spam email what to do,” the spokesperson said.
He said people should delete the email. If people have actioned the scam email, they should change their netbanking password and check their account details. If they find any anomaly, they should call the bank's helpdesk, the Commonwealth Bank spokesperson said.
On its website, Westpac advises people never to click on a link in an email that purports to go to their internet sign-in page.
“Genuine emails from Westpac now do not contain any links to our internet banking,” it states. “Never provide your personal or security details, including customer ID or passwords, in response to any email -- even if the email looks like it has come from Westpac or another organisation.”