AUGUST 23, 2013
Your regular source of security updates from TrendLabsSM
In This Issue

Security Spotlight
Phishing Attack Targets Chase Customers

Security for Home Users
How to Protect Your Mobile Privacy

Security for Business
Human Factor, the Routine Threat Vector?



Security Spotlight

Phishing Attack Targets Chase Customers

The consequence of falling for this attack is quite damaging. Not only does the culprit get access to a victim’s online banking account but also to his email account.””



Cybercriminals continue to plague online bankers who conduct transactions via their mobile devices. Their latest mobile banking phishing attack not only asks for login credentials but also information that can be used for stealing identities. This particular attack targeted Chase, one of the four biggest banks in the United States.

Though the spoofed mobile banking site uses a similar URL to look legitimate, noticeable differences from the real site can be seen. Aside from the spoofed site’s look and format, another telltale sign is its URL. The phishing site does not use the HTTPS protocol, the standard for secure banking sites. It also lacks the lock symbol that often accompanies secure URLs.

The New Hook

This phishing attack attempts to extort more information than account login credentials. After logging in to the spoofed site, a victim is then asked to give out his email address and its corresponding password. Apart from supplying this information, a victim is then asked to upload a scanned image file of a government-issued ID like a driver’s license. Once done, the victim is finally redirected to a “dead” site instead of his actual account.

The consequence of falling for this attack is quite damaging. Not only does the culprit get access to a victim’s online banking account but also to his email account. His identity is also at risk of being stolen, especially since the bad guys now have a copy of his government-issued ID.

Cybercriminals Are Going All Out

Mobile phishing is an ongoing issue but you can avoid being a victim:

  • Bookmark frequently used sites. This decreases your chances of landing on a phishing site due to typographical errors.
  • Always verify. Check first with your bank whenever you encounter strange and unexpected procedures during online banking transactions.
  • Never click links embedded in suspicious emails. Cybercriminals also use spam that link to phishing sites. If you receive a suspicious email asking you to click a link, either delete it or verify from the supposed sender first.
  • Use a reliable security solution. This immediately blocks access to phishing sites.

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.

www.trendmicro.com

  CONNECT WITH US ON: