Phishing attack on popular German bank

Last week, the CYREN team detected a massive phishing attack on customers of the German bank Postbank, with more than 50,000 new phishing URLs detected within the first 24 hours. Phishing emails are traditionally sent to a massive group of people, in the hope that among the recipients are actual customers of the brand and within that group there are unsuspecting users that will click the phishing link and complete whatever information request is included. In this case the email and phishing site look very similar to the legitimate Postbank website and so it is hard for regular users to see that this is actually phishing scam and unfortunately, enough people will fall victim to the scammer’s attempts.

Phishing attacks on banks and financial institutions are very common. In fact the number one target of phishing scams is popular payment service PayPal. In the case of this Postbank scam the unsuspecting visitor is asked to confirm his login credentials. Once the user submits his username and password on the bogus website, the scammers have obtained the user’s credentials and are able to steal his identity or sell the information to another cybercriminal. 

“Scammers are becoming more and more sophisticated. Targeted spam and phishing attacks are just one element in the growing threat of cybercrimes” says Eyal Matzkel, Detection Solution Architect at CYREN.

Regional phishing attacks

Phishing scammers will often focus their attack on certain brands and regions. In this case the principal targets were German users and the attack took up close to 15% of total spam in the region while the attack was ongoing.

Attackers use hijacked – or Zombie – computers to spread the attack. Zombies are computers that have been infected with malware and are used by botnets to send spam and/or participate in other cybercrimes. In this attack the majority of attacks originated in Italy, Germany, N-America and France.

How to avoid becoming a victim of a phishing scam?

Banks, credit card companies and other organizations will not ask customers to confirm confidential or personal information like passwords or pin-numbers via email, so be aware when you receive such requests in an email. Phishing sites can also be easily spotted by looking at the URL in the browser window.

Examples of URLs from this attack:

None of these URLs direct to the real Postbank website and should be a sure sign that this is a phishing attempt. It is also a good rule to contact your bank or credit card company to check if the email and information request actually came from the bank (usually it did not).

CYREN’s daily analysis of billions of Internet transactions provides an unmatched view of phishing threats as they emerge. Find out what CYREN Phishing URL Feed has to offer.