AIB have reported that 100,000 customers have been targeted with phishing attacks over the past week. It is understood that this scam is originating from Taiwan. AIB customers are receiving fake emails that claim to be from AIB. These emails are requesting confidential details relating to the customers online banking. Some of the emails even contain a link which sends the customer to a fake website that looks identical to the official AIB online banking website. This fake website requests confidential information from the customer such as their full 5 digit Personal Access Code and all 100 Code Card numbers.

This is not the first time that AIB has been hit with such attacks but this recent attack represents a 300pc rise on previous figures. A specialist company hired by AIB has already closed down 300 fake sites in the first six months of the year. AIB has issued a detailed warning to customers, you can find it in their Security Centre.

Here is a screenshot of one of the phishing emails.

This is the sort of text that I would expect to find in a phishing email. The next two examples show that attackers are attempting to use awareness of the phishing attacks to their advantage.

"Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking Website. Please Update your account to the new EV SSL certification by Clicking here."

"AIB is pleased to notify our Online banking customers that we have successfully upgraded to a more secure and encrypted SSL servers to serve our esteemed customers for a better and more efficient banking services in the year 2009. To validate your online banking account click on Update Online Banking."

Awareness of online phishing attacks has improved but the attackers have also upped their game. Previously these type of phishing attacks would have requested customers to email their details. Now the attackers are producing websites that look identical to the official sites. Their phishing attacks are actually emails warning against the scam that they are attempting to carry out. If you are not Internet savvy then I can see how you might get fooled by one of the above. It needs to be made clear to customers that they must never act on any emails requesting personal information even if they appear to be from your bank.

Dave

--

If you liked this article then you can:

• Subscribe to our Blog RSS feed
• Become a fan of webpayments.ie on Facebook
• Follow us on Twitter

Related Blog Posts:

• List of Irish email addresses made public
• Stolen laptop contains account details for 75,000 Bord Gais Customers
• Hundreds of Credit Card, Debit Card and Bank Account numbers for €5.79
• Details of the Twitter attack revealed..