Mobile Credits Used as Phishing Lure

Customers of an Italian bank were lured into a phishing scam with promises of mobile phone airtime credits, according to a blog post from analyst Mathew Maniyara on Symantec’s Connect blog.

Customers of an Italian bank were lured into a phishing scam with promises of mobile phone airtime credits, according to a blog post from analyst Mathew Maniyara on Symantec’s Connect blog.

According to Maniyara, phishers posing under the guise of
an Italian bank, are using a U.S.-based Web site to lure customers, claiming an additional 40 Euros would be added to their mobile phone account in return for providing their personal information.

The site of the unnamed bank took advantage of “typo squatting” – using a domain closely related to the actual bank’s Web domain, Maniyara said. After victims stumbled upon the site, which was modified to look like the log-in page for the bank, and
took the bait, they were asked to enter their banking credentials, mobile
service provider and mobile password to be owned.

It’s the latest in a long line of phishing attacks, which by
year’s end could
sting U.S. businesses alone
to the tune of $1 billion. FBI Director Robert
Mueller stopped banking online completely after almost
getting duped
by a similar scam in 2009. This isn’t the first and clearly
won’t be the last attack of its kind as attackers continue to invent new ways
to entice targets online via fraud.

Symantec
has more on the story
.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.