Experts at Sophos, a world leader in IT security and control,
have discovered an email phishing campaign aimed at Kiwibank,
inviting New Zealand customers to perform routine "account
maintenance" to ensure that the bank can "guarantee their
money".
The phishing email claims to come from
Kiwibank.
"According to Kiwi angling lore, the end of April is the time to
pack away the rods and waders (it's the start of winter in New
Zealand, don't forget) and to get out your shotgun for the duck
hunting season, which begins in May," said Paul Ducklin, head of
technology, Asia Pacific at Sophos. "Obviously, cybercriminals
don't keep to the same schedule."
"The phishing email doesn't read like the sort of prose you
would expect your bank to send," continued Ducklin. "And the link
in the email leads off to a web server in the USA which is
currently blocking downloads, so there seems to be little risk of
customers getting caught out."
SophosLabsâ„¢
currently estimates that 70% of
malicious webpages abused by phishers and malware spreaders are
not directly associated with cybercriminals, but rather are
legitimate sites which have been broken into and 'borrowed' for
criminal activity.
"The website used in this phish appears, at first glance, to be
the long-term legitimate website of a sole trader in Massachusetts,
served out of a hosting company. That site is now widely
blocklisted, and off the air. The genuine owner of the site is left
to sort out the mess," explains Ducklin. "Computer security begins
at home - consumers and small businesses should take advantage of
the many security guidelines that are available online."
Sophos recommends companies defend their users with a consolidated solution to defend against the
threats of viruses, spyware, hackers and spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.