The National Cyber Security Incident Response Centre (CERT-RO) has identified in recent weeks “real-time phishing” attacks against customers of financial institutions in Romania.
The banks targeted by these attacks are ProCredit Bank, Raiffeisen Bank and Alpha Bank.
“What is the difference between a classic phishing attack and real-time phishing? Unlike in the first case, where the attackers’ goal is to extract personal and financial data to be used later, in a real-time phishing attack, the fraudulent website is connected in real time with the targeted bank’s online banking platform. Once the user enters their login details for the internet banking service, the phishing page asks the user to wait for processing, with a message such as ‘Wait for bank approval for your request. Please do not close the window.’ Of course, while the user waits for validation to enter the platform, the attackers access the online banking account in real time and initiate fraudulent bank transfers from the victim-user’s account,” CERT-RO specialists explain.
According to the source cited, the domain names used by attackers for phishing pages resemble the legitimate URLs of online banking platforms. “Moreover, typosquatting techniques are used to mislead users (e.g. goo.gle.com instead of google.com). That is why it is extremely important that when we go online, and especially when making transactions, we do not act impulsively, do not rush and check the information several times before executing an action. Identified phishing pages are hosted on legitimate platforms or CDNs, such as GitHub, GitLab or Fastly, making it difficult to block access at the gateway and dismantle the phishing scheme,” the experts warn.
CERT-RO recommends vigilance when making online payments and using internet banking. “If you have fallen victim to this type of attack, notify your bank as a matter of urgency and provide full details of what information you provided and when it happened. At the same time, if you have suffered financial damage, the next step is to contact the police to open an investigation,” the institution says, according to Agerpres.ro.
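The lookalike-domain trick mentioned above (goo.gle.com instead of google.com) can be checked mechanically, for example in a mail filter or proxy log review. The Python below is an added example, not part of the CERT-RO advisory; the allowlist, the placeholder domain `examplebank.ro`, the function names and the distance threshold are assumptions.

```python
# Added example: lookalike-hostname check against an allowlist.
# LEGITIMATE is a constructed allowlist; "examplebank.ro" is a placeholder.
LEGITIMATE = ("google.com", "examplebank.ro")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def squash(name: str) -> str:
    """Drop the separators a reader's eye skips over."""
    return name.replace(".", "").replace("-", "")


def classify(host: str, legit=LEGITIMATE, max_dist: int = 2):
    """Return (verdict, imitated_domain) for one hostname."""
    host = host.strip().lower().rstrip(".")
    # The exact domain, or a true subdomain of it, is the real site.
    for good in legit:
        if host == good or host.endswith("." + good):
            return ("legitimate", good)
    for good in legit:
        # Same characters, separators moved: goo.gle.com vs google.com.
        if squash(host) == squash(good):
            return ("lookalike-separator", good)
        # A few characters added, dropped or swapped.
        if edit_distance(host, good) <= max_dist:
            return ("lookalike-typo", good)
    return ("no-match", None)


if __name__ == "__main__":
    # Constructed sample hostnames.
    for h in ("www.google.com", "goo.gle.com", "gooogle.com",
              "example-bank.ro", "examplebanc.ro", "agerpres.ro"):
        print(f"{h:20} {classify(h)}")
```

A "no-match" verdict only means the hostname does not imitate an allowlisted domain; it says nothing about whether the page it serves is safe.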