Experts at Sophos, a world leader in IT security and control,
have discovered an email phishing campaign aimed at Kiwibank,
inviting New Zealand customers to perform routine "account
maintenance" to ensure that the bank can "guarantee their
money".
The phishing email claims to come from Kiwibank.
"According to Kiwi angling lore, the end of April is the time to
pack away the rods and waders (it's the start of winter in New
Zealand, don't forget) and to get out your shotgun for the duck
hunting season, which begins in May," said Paul Ducklin, head of
technology, Asia Pacific at Sophos. "Obviously, cybercriminals
don't keep to the same schedule."
"The phishing email doesn't read like the sort of prose you
would expect your bank to send," continued Ducklin. "And the link
in the email leads off to a web server in the USA which is
currently blocking downloads, so there seems to be little risk of
customers getting caught out."
SophosLabs™ currently estimates that 70% of
malicious webpages abused by phishers and malware spreaders are
not directly associated with cybercriminals, but rather are
legitimate sites which have been broken into and 'borrowed' for
criminal activity.
"The website used in this phish appears, at first glance, to be
the long-term legitimate website of a sole trader in Massachusetts,
served out of a hosting company. That site is now widely
blocklisted, and off the air. The genuine owner of the site is left
to sort out the mess," explains Ducklin. "Computer security begins
at home - consumers and small businesses should take advantage of
the many security guidelines that are available online."
Sophos recommends that companies protect their users with a consolidated solution that defends against the
threats of viruses, spyware, hackers and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.