Mobile Phishing Campaign Uses over 200 Pages to Spoof Bank Sites

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A phishing campaign focused on mobile banking used over 200 pages to impersonate legitimate websites for well-known banks in the U.S. and Canada.
Thousands of victims were lured to the fake sites with short messages delivered through an automated tool in the phishing kit.

Major banks targeted

In an effort to capture banking credentials, the cybercriminals spoofed login pages for at least a dozen banks, say in a report today security researchers at mobile security company Lookout.
The list of targeted banks includes major players on the market like Scotiabank, CIBC, RBC, UNI, HSBC, Tangerine, TD, Meridian, Laurentian, Manulife, BNC, and Chase.

According to the research, the phishing pages were created specifically for mobile, mimicking the layout and sizing. In their attempt to trick victims, the crooks also used links such as "Mobile Banking Security and Privacy" and "Activate Mobile Banking."

Apart from increasing confidence in the page, these links might also be used to collect sensitive information by asking for the credentials when accessing them.
... ...
 

Antus67

Level 9
Verified
Well-known
Nov 3, 2019
413
A mobile phishing campaign that targeted customers of more than a dozen North American banks, including Chase, Royal Bank of Canada and TD Bank, managed to hook nearly 4,000 victims. The attacks used an automated SMS tool to blast bogus security text messages to mobile phone users between June and last month.

Mobile security firm Lookout identified the “mobile-first” phishing campaign and said that victims were sent text messages claiming that their bank detected suspicious activity tied to their account. The SMS-based messages each included a link to one of over 200 phishing pages.

“The [phishing pages] are built to look legitimate on mobile, with login pages mirroring mobile banking application layouts and sizing, as well as including links like, ‘Mobile Banking Security and Privacy’ or ‘Activate Mobile Banking,'” wrote Lookout researchers Apurva Kumar, staff security intelligence engineer and Kristin Del Rosso, senior security intelligence engineer, in a report published Friday.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top