RoT Alert – Active Phishing Campaign
On September 2nd, 2021, we discovered and confirmed an active phishing campaign targeting users of 7 major European banks from a single web page.
The web page mimics Czech Post’s PohledniceOnline service to scam people into leaving their online banking credentials and credit card details.
Upon visiting the phishing site the user is welcomed by this screen which promises to transfer money in 2 installments to the user’s account:
The unsuspecting victim is then redirected to a page with several options to submit their information:
The page tries to steal this critical information in 2 distinct ways.
First is through a card payment gateway:
Second, through a ‘redirect’ to a specific bank gateway:
The full report, with technical details, screenshots and URLs is available on request and to RoT members.
Mitigation steps undertaken
Our SOC team has already taken some mitigation steps by reporting the phishing URL to Safe Browsing, reporting it to the domain registrar and the hosting provider.
We recommend you alert your users that there’s an active phishing campaign offering money in 2 installments while emulating web pages featuring: Česká Pošta (including their PohledniceOnline service branding) and fake banking gateways.
Depending on the capabilities of your existing security solution, try to find out which of your users have visited the phishing URL prior to coming to your site.
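One way to run the check recommended above against web server access logs, as an added example that is not ThreatMark's tooling. It assumes Combined Log Format logs and that the browser sent a Referer header when the user arrived from the phishing page; `phishing-host.example` is a placeholder, since the real URL is not published on this page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Placeholder indicator: the real phishing host is not published on this page.
PHISHING_HOSTS = {"phishing-host.example"}

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def referer_host(referer):
    """Return the lower-cased host of a Referer value, or '' if absent or unparseable."""
    if not referer or referer == "-":
        return ""
    try:
        return (urlsplit(referer).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_indicator(host, indicators=PHISHING_HOSTS):
    """Match a listed host or any of its subdomains, but not lookalike names."""
    return any(host == h or host.endswith("." + h) for h in indicators)

def find_exposed_visitors(lines, indicators=PHISHING_HOSTS):
    """Group hits by (client IP, authenticated user) for analyst review."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        if is_indicator(referer_host(m["referer"]), indicators):
            hits[(m["ip"], m["user"])].append((m["time"], m["request"]))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Sep/2021:10:15:01 +0200] "GET /login HTTP/1.1" 200 5120 "https://phishing-host.example/gateway" "Mozilla/5.0"',
    '203.0.113.20 - alice [02/Sep/2021:10:16:30 +0200] "POST /login HTTP/1.1" 302 0 "https://www.phishing-host.example/pay?step=2" "Mozilla/5.0"',
    '192.0.2.44 - - [02/Sep/2021:10:17:02 +0200] "GET / HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.45 - - [02/Sep/2021:10:18:40 +0200] "GET / HTTP/1.1" 200 9000 "https://notphishing-host.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (ip, user), requests in find_exposed_visitors(SAMPLE_LOG).items():
        print(ip, user, requests)
```

A missing Referer does not clear a user, because referrer policies and intermediate redirects can strip the header.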
About Ring of Trust (RoT)
ThreatMark’s Ring of Trust (RoT) is an invite-only initiative that aims to combat phishing fraud in the banking industry with a community approach: by sharing cyber threat intelligence among the members and disseminating the information for a faster and more timely response.
The essence of the initiative is to combine intelligence and fight phishing scams from a common ground. Fraudsters work together to perpetuate fraud. We believe that the same approach works for preventing fraud as well.
At the core of the Ring of Trust is ThreatMark’s advanced fraud prevention solution complemented by a team of cybersecurity & fraud analysts from our Security Operations Center. Our technology uses various on-page and off-page methods to detect a wide array of threats across digital channels. All detections are categorized and added to our Threat Intelligence systems for easier mitigation and future detections.
All Ring of Trust members benefit from this intelligence and a shared mission to combat fraud. We invite everyone to share with us all discovered phishing campaigns targeting banks so we can facilitate mitigation and alert the Ring to significant threats.