Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

Scotiabank

Date:02.01.2005

Threat Type: Phishing Alert

Websense® Security Labs has received several reports of a new phishing attack that targets customers of Scotiabank. The email attempts to dupe users to click on a URL in order to restore the user's account access. The text of the fraudulent email is included below. Once the user accesses the fraudulent website, they are then asked to enter their Scotiabank username and password. Regardless of the information input into the form, the site then sends this information through a PHP script called login.php which is stored on a different server. The user is then redirected to the authentic Scotiabank site.

 

The site is hosted in the United States and was up at the time of this alert.

 

Email Body:

 

Dear ScotiaBank customer,

We recently reviewed your account, and suspect that your ScotiaBank Internet Banking account may have been
accessed by an unauthorized third party.
Protecting the security of your account and of the ScotiaBank network is our primary concern. Therefore, as a
preventative measure, we have temporarily limited access to sensitive account features.

To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Login to your ScotiaBank Internet Banking account. In case you are not enrolled for Internet Banking, you will
have to fill in all the required information, including your name and you account number.

2. Review your recent account history for any unauthorized withdrawals or deposits, and check you account profile to
make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to
ScotiaBank staff immediately.

To get started, please click the link below:

 

https://www.scotiaonline.scotiabank.com/online/start.jsp?language=

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of
the entire ScotiaBank system. Thank you for attention to this matter.

 

 

 

Phishing site screen shot:

 

 

 


©2009 Websense, Inc. All Rights Reserved.