By Rich Miller
March 27, 2006
Phishing scammers recently hacked the web sites of three Florida banks
and redirected their customers to spoof pages, marking an apparent
milestone in phishers' use of bank web sites to construct more
credible frauds. Previous scams have managed to manipulate financial
sites through cross-site scripting and cross-frame content injection,
but didn;t gain access to the server hosting the banks' site.
Not so for the attack on Capital City Bank, Wakulla Bank and Premier
Bank in northern Florida. On March 14 hackers were able to break into
the servers of ElectroNet, a Tallahassee, Fla. service provider which
hosted the web sites for all three banks. The main business URL for
the banks' were redirected to identical spoof sites on offshore
servers, which asked customers to provide their login details.
The intrusion was detected about an hour after it started, ElectroNet
CEO Allen Byington told the Tallahassee Democrat. Byington said that
ElectroNet stores no confidential data on its computers and that the
company was "working closely" with law enforcement agencies
investigating the incident. The banks' sites were shut down for
several days, and bank officials said the financial losses were
"minimal," and that any customers who lost money were reimbursed by
their respective banks.
Since the attackers redirected bank customers to spoof sites hosted
elsewhere, this type of attack could be detected by users of the
Netcraft Toolbar, which displays the name and location of a site's
InfoSec News v2.0 - Coming Soon!