Bank Data Phishing
By Christine Schönig, Regional Director Security Engineering CER, Office of the CTO, at Check Point Software Technologies GmbH
Consolidating all Internet activities on the smartphone is simple and takes little time. The little helper becomes an online bank and credit card, a mailbox and a department store. However, few people sense any danger here, because the mobile phone has become such a natural part of everyday life that people often click on something quickly without worrying about cyber attacks. This is deceptive, because a smartphone is nothing more than a portable computer and should be protected accordingly.
Currently, the Consumer Center NRW warns against phishing emails that target online banking access data and other personal data. Under pretexts that usually come with supposed time pressure, such as an allegedly required account action, criminals put their victims under pressure and try to entice them to act rashly. Especially here, however, you should take the time to check the sender and the claim carefully for consistency.
Kreissparkasse Köln also warns against phishing emails that demand sensitive data and actions from you. This includes the verification of online banking access that is required from time to time. If you follow the link in the e-mail, however, you will end up on a fake page and should cancel the action immediately, otherwise you risk losing your personal information to the hackers. For example, online banking access data, information about the Sparkassen Card and personal data are requested or obtained in another way. Other banks, such as Volksbank and Commerzbank, have also recently been affected by such fake e-mails sent in their name.
Figure: Example of a well-done phishing mail – note the dubious sender address.
As a rule of thumb, if you are asked via email to make a test transfer or disclose personal information, such as the PIN, you should carefully check the sender and contact your bank if in doubt. Even the loss of supposedly harmless data can be dangerous, because with this knowledge fraudsters may already be able to call the bank under a false name. The cyber criminals also try to attract attention with lurid subject lines such as “New editions by Corona!” or “IMPORTANT interaction required!” In addition, there are messages in circulation that contain a QR code instead of a link, and the code leads to the fraudulent web page.
In September 2021, PayPal and Amazon were also reported in this context. The most common subject line is “Alert: Your Amazon account has been suspended.” In terms of content, the message follows a typical phishing scheme: allegedly, the account had to be temporarily blocked because of discrepancies in the stored data. You are asked to update this data, such as the billing address, via the attached link. If you do not comply with this request within a short time, all open orders will supposedly be canceled. This threat and the short deadline are intended to unsettle people and tempt them to act rashly. The best answer: delete the phishing attempt unanswered.
These cases show how important smartphone security actually is and why security solutions for mobile phones have to move out of their niche. Such security products help against ransom demands from ransomware and against the theft of data and access information through phishing, and they warn against infiltrated public Wi-Fi networks. Smartphones have more than earned this high level of protection, because they manage many areas of everyday life and have long been on a par with diaries in terms of confidentiality.