Bank hosting Banker and Whale Phishing

11.19.2007 - 10:47 AM
Last week, we discovered two new attacks. Both were designed to steal identities and, potentially, other information from end-users. Each also carried some cruel irony.

Banker hosted on Bank site

The first example started off with an email lure that was being spammed on Wed, Nov. 14th. The email was written in Spanish and appeared to target Mexican citizens. It used an animated cartoon to entice users to connect to a Web site.

This Web site was a compromised site, the home of a financial institution in Romania. Online banking customers were being authenticated in clear text (i.e. no SSL), and we found several open directories, one of which the attackers were using as a location for uploaded malicious code. The malicious code filename is bailando.exe.

[Image: Email Lure]

[Image: Actual Banking Website]

Phishing for Fishing AKA Whale Phishing

The second is not an example of poor security practices; however, it does tickle the funny bone. The term Phishing is partially derived from the practice of using sophisticated, deceptive bait in the hope of catching financial information from end-users.

Well, in this case the bait is an online Boat Trading Web site. The victim actually appears to be Trader Online, which is a new and used online shopping site for expensive goods such as boats, motorcycles, and airplanes. It also looks like the Rock group has added this brand to their kit. One may wonder why anyone would want credentials for Trader Online. Perhaps it’s due to the high-end clientele that probably uses this service to sell yachts, RVs, and even planes on the site.

As in Las Vegas, where casinos are always fishing for the biggest gamblers to come and spend their money, fraudsters appear to be luring the biggest “whales”.

Thus the term “Whale Phishing” was born. It is used to describe attempts to lure members of high income groups into revealing individual account data.
