[LINK] Online bank scam eats its own dead

Chirgwin, Richard Richard.Chirgwin at informa.com.au
Sat Jan 24 18:20:47 EST 2004


True story: a company, MessageLabs, had a media event to launch an
anti-phishing service; the Australian Bankers' Association was booked to
speak but didn't show.

I have previously commented on the banks' own contribution to phishing
through bad business practice and marketing-driven use of e-mail ...

In a rare event for a press conference, someone said something worthwhile.
Peter Coroneos said (a) banks aren't doing enough to protect the integrity
of the online medium; and (b) he would like to see a code of practice for
the way banks use the Internet (e.g. standardise the security and behaviour of
Internet banking applications, don't encourage careless use of e-mail).

From my own research, published last week: 1/3 of ABA member banks don't
even have phishing warnings on their Websites. 

The scam needs to be cropped, but the banks' own attitude is that it's
someone else's problem.

RC

-----Original Message-----
From: Rick Welykochy
To: link at anu.edu.au
Sent: 24/01/04 12:47
Subject: [LINK] Online bank scam eats its own dead

It looks like round two (three?) of the bank scam that tricks unwitting
Internet users into logging in to a malicious site and entering their
banking credentials is doing the rounds.

This time the trick is to convince the victim that due to previous banking
scams, they must log in to ensure future access is not blocked.

The actual URL is as follows:

http://olb.westpac.com.au%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%0
1%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%0
1%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%0
1%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%01%0
1 at 200.161.151.54/w/westpac.html

which boils down to:

http://200.161.151.54/w/westpac.html.

I've lately had similar fakes for the CBA and St.George.

It appears that these scammers take the same approach as spammers, i.e.
target and retarget ridiculously large numbers of Internet users in the
hope that 1 in 100,000 are gullible enough to click on the link and bare
their account details.

cheers
rickw


---------- Forwarded message ----------
Date: Sat, 24 Jan 2004 13:32:53 +1100
From: Westpac support <support at westpac.com.au>
To: "rick at praxis.com.au" <rick at praxis.com.au>
Subject: Official notice to all Westpac users.

Dear valued Westpac Customer!

Due to the increased fraudulent activity within
our site we are undertaking a review
of our member accounts. You are requested to
visit our site by following the link given below.
This is required for us to continue to offer you a
safe and risk free environment to send and receive
money online. Be sure to enter both Customer Account No&<
Password otherwise your account will not be verified
and your access to the account will be blocked.
Thank you.
https://olb.westpac.com.au
Copyright 2004 - Westpac Banking Corporation ABN 33 007 457 141

_______________________________________________
Link mailing list
Link at mailman.anu.edu.au
http://mailman.anu.edu.au/mailman/listinfo/link
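
The URL quoted in the message above relies on the userinfo part of a URL: everything before the "@" (rendered as " at " in this archive) is not the host, so the browser connects to the address that follows it. As an added example, not part of the original thread, this Python check flags such links in mail; the function name and the sample URLs are constructed, using reserved documentation names and addresses.

```python
import re
from urllib.parse import urlsplit, unquote

# A dotted name ending in a TLD-like label, e.g. "olb.bank.example".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def is_control(ch):
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def inspect_url(url):
    """Return (real_host, findings) for a link taken from an e-mail."""
    parts = urlsplit(url)
    findings = []
    if "@" not in parts.netloc:
        return parts.hostname, findings
    # Everything before the last "@" is userinfo, not the host.
    userinfo = parts.netloc.rsplit("@", 1)[0]
    decoded = unquote(userinfo)
    findings.append("userinfo-present")
    # Padding such as %01 pushes the real host out of view in the address bar.
    if any(is_control(c) for c in decoded):
        findings.append("control-chars-in-userinfo")
    # What the reader sees: the user part with the padding stripped.
    visible = "".join(c for c in decoded if not is_control(c)).split(":", 1)[0]
    if HOSTLIKE.match(visible):
        findings.append("userinfo-looks-like-host:" + visible)
    return parts.hostname, findings


# Constructed samples (documentation domain and address, not from the thread).
SAMPLES = [
    "http://olb.bank.example" + "%01" * 40 + "@192.0.2.54/w/login.html",
    "https://olb.bank.example/login",
    "ftp://alice:secret@files.example.org/pub/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, findings = inspect_url(sample)
        print(host, findings or ["clean"])
```

A mail filter or proxy can treat "userinfo-looks-like-host" or "control-chars-in-userinfo" as grounds to block or rewrite the link, and show the user the returned host rather than the URL as written.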

