[LINK] NAB Bank Scam Shut Down fast

Stewart Carter mail at ecommercereport.com.au
Wed Feb 9 11:41:08 EST 2005 

At 10:04 AM 9/02/2005, yAdam T posted an SMH report on yet another phishing 
attack against an
Australian bank.

Which prompts me to once again marvel at the Australian banks apparent 
ability, within perhaps 24 hours or so
of the phishing email being received by a customer, to both identity the 
actual location of the offending web-site and have it closed down.

I really wonder how our banks do that. It appears to happen very quickly, 
even when the host ISP is in China or Korea.
Do they call the FBI, who immediately call the ISP hosting the site who 
immediately closes it down?
That all seems quite improbable. So I'd be grateful for any Linkers advice 
on just how they do it, and which authorities where, using what powers, are 
involved.

My interest isn't just idle curiosity because I'd like to talk to them for 
a piece I'm putting together for my
eCommerce Report on the phishing attack against the Australian Tax Office 
early in January.

Surprisingly, the ATO says it didn't involve any attempt at tricking people 
into revealing their bank account details, just downloaded
a trojan into their PC. (Its not clear what the trojan programme did/does)
The ATO's IT chief told me that the attack was reported to them by the 
local office of US vendor - SurfControl.
The company's local CEO said they picked up the offending email in one of 
their automated email monitoring systems.
He said there was only one instance of the phishing email picked up and 
none of tbeir clients reported seeing
it. Likewise, the ATO said the only report they had of the attack came from 
Surfcontrol.

A trial run perhaps?

Stewart Carter
mail at ecommercereport.com.au
0433 142 419






>http://www.smh.com.au/news/Technology/Internet-bank-scam-uncovered/2005/02/08/1107625202518.html
>
>Internet bank scam uncovered
>February 9, 2005
>
>A US-based internet banking scam targeting National Australia Bank 
>customers in Australia has been uncovered, a bank spokeswoman said.
>
>A scattergun approach was employed by the cyber thieves as emails were 
>sent to NAB and non-NAB customers alike.
>
>Under a NAB letterhead, customers were asked to click on a site address 
>and enter their account details due to a software upgrade.
>
>"This instruction has been sent to all bank customers and is obligatory to 
>follow," the message said.
>
>Of the bank's thousands of customers, only two followed the instructions 
>before the site was shut down, NAB spokeswoman Mikala Sabin said on Tuesday.
>
>She said the bank would never send an email asking for such details, and 
>people banking on the internet had to be wary.
>
>"We only had a couple of customers who actually replied but we've blocked 
>their accounts and they haven't experienced any fraud," Ms Sabin said.
>
>"If they [cyber thieves] get the password and other things they can access 
>other people's accounts.
>
>"In this instance we closed it all down very quickly and no one was affected.
>
>"But we have to be very quick to it because once someone has your details 
>its very hard to determine in an online environment whether it's the real 
>person or not."
>
>It is the second time the scam has been tried on NAB customers in six months.
>
>Westpac customers were targeted on January 25.
>
>A Westpac spokeswoman was unable to say on Tuesday whether any Westpac 
>customers had entered their details or had money stolen.
>
>_______________________________________________
>Link mailing list
>Link at mailman.anu.edu.au
>http://mailman.anu.edu.au/mailman/listinfo/link

More information about the Link mailing list