Internet Changes Everything

"Phishing" lures German banking clients

"Phishing" lures German banking clients

FRANKFURT (Reuters) - Two clients of Germany's Postbank have fallen for an e-mail fraud that led them to reveal money transfer codes to a bogus Web site -- the first case of this scam in German, prosecutors say.

"There are two known cases now where transactions almost happened," said a spokeswoman of the state prosecutor in Bonn on Thursday. She declined to give more detail about where the investigation was heading: "We don't want to warn anybody," she said.

The victims nearly lost 21,000 euros (14,000 pounds) between them.

They had responded to an e-mail that tricked them into entering their account number, personal identification numbers and transaction codes on a Web site that posed as a legitimate Postbank site, Postbank said -- a scam know as phishing.

The people who ran the web site then used the codes to initiate money transfers to accounts in Eastern Europe, a spokesman for Germany's biggest retail bank said.

One victim noticed the fraudulent transfer before it was executed and cancelled it. The other transaction raised suspicion at the bank and was annulled after checks with the client.

The first wide-scale electronic attack targeted German bank clients last month. Previous attacks have been in English, requesting account details from U.S. banks or passwords to enter Internet sites including auctioneer EBay or payment service PayPal.

A fresh wave of e-mails, purporting to come from Deutsche Bank, emerged last weekend and Tuesday night. Germany's biggest bank quickly moved to disable the fake web sites.

Both Postbank and Deutsche, the only German banks affected by the phishing attempts so far, said no client had lost money.

Unsolicited bulk e-mail accounted for 65 percent of all e-mail traffic, according to computer-security company Symantec, up from 50 percent in July 2003.

June saw 1,422 separate phishing attacks, mostly focused on the United States, up from 176 in January, according to the Anti-Phishing Working Group, a financial services industry task force.

August 27, 2004 at 07:24 AM in Phishing & identity theft | Permalink | TrackBack (3) | Top of page | Blog Home