Data leakage double time

The Sydney branch of SophosLabs has discovered an interesting phishing campaign against a local bank today. Interesting because it carries a double whammy for any unsuspecting soul dragged into it.

The first contact from the phishers arrives in the tried-and-tested traditional way, as an email. Here are its characteristics:

Subject: 1 new message
From: "ANZ" <>

The message body contains a link which brings up a fake logon page for Australian financial institution ANZ, inviting donations to the Bushfire Appeal.

Fake ANZ bank page

If you make the mistake of entering your username and password at this point, they will be posted to a web server in Italy.

The double whammy here is that the Italian server hasn’t been secured properly, so any username and password you enter are not only uploaded to the cybercriminals, but are subsequently open to anyone with a web browser. Ouch!

There’s a silver lining, however, to this particular phish. When SophosLabs examined a selection of the usernames and passwords logged on the server it became obvious that few had actually fallen for it.

Indeed, many of the “usernames” are actually suggestions for err.. activities which the cybercriminals might wish to undertake, destinations for journeys they might wish to make, or fates which might befall them. 🙂

All very amusing – but I would advise against playing “phishing roulette” by knowingly visiting phishing websites to see what happens. Although it can be tempting to leave abusive messages for the phishers, you can’t tell in advance whether the phishing page might also be using an exploit or drive-by installer designed to infect your PC.

Check out the SophosLabs blog for more information on this phishing attack.