Select Page

Cyren Security Blog

Trouble in Europe – SEPA-Phishing-Alert

European internet mailboxes are being flooded by fake emails. The reason is a change in the European money transfer system. National bank transaction rules will soon be replaced by unified rules for all European citizens. The new system is called SEPA – Single Euro Payments Area. In the future it will be more difficult to see who is transferring money to your bank account and vice versa, who received money from you because the details of the person or bank that did the transfer will be converted to a number. Implementing the new system has been delayed many times and will affect a large number of account owners. All in all, it is a pretty big mess and an ideal situation for phishing attacks.

CYREN’s GlobalView™ Security Lab (GSL) has discovered several emails sent in the name of different European bank institutes asking for personal and secure data like TAN number. The spammers copy parts of the bank’s original HTML page and add a form for the phished data

Fake website with an original part a phishing form

Fake website with an original part a phishing form

CYREN found samples from the Austrian Alpe Adria bank, the German Sparkasse and Netherlands ING Bank. In many cases the recipient is asked to check the IBAN number (International Bank Account Number) and give some other private details, like his phone number. An employee of the bank will call back and finish the change. A big national German newspaper published a story of a 63 year old business man who gave his credentials to the fraudsters and lost 25,000 Euros.

Munich based business man lost 25.000 Euros in SEPA phishing

Munich based business man lost 25.000 Euros in SEPA phishing

After some investigation CYREN has confirmed that a lot of the fraud websites are already offline. The fake websites are easy to recognize. In the address bar you will see a domain name different from the bank name (see picture one, top left). Furthermore we have the usual suspect signs like no personal address in the email and wrong encoding in the text so it lacks special characters.

And as a last advice: Nobody (including bank employees) should ask for your private credentials like PIN or TAN numbers or, in the case of credit cards, for your secure code.

You might also like

LinkedIn Phish Kit

Scam Warning Back in January, LinkedIn posted a warning about connection requests from individuals impersonating employees of a legitimate organization. These requests come from newly created accounts. If someone accepts the request, the attackers will have more...