The Royal Bank of Scotland has suffering a couple of outages due to a distributed denial-of-service (DDOS) attack, and one due to some technical issues. Shortly after, the financial institution issued an alert to warn users about the possibility of phishing attacks.
Many customers found their accounts to be inaccessible Thursday night and into Friday. The bank reported that it was the victim of a distributed denial-of-service (DDoS) attack. "Due to a surge in internet traffic deliberately directed at the NatWest website, customers experienced difficulties accessing some of our customer websites today,” it told the Guardian. "We have taken the appropriate action to restore the affected websites."
Cybercriminals have started sending out phishing emails designed to trick RBS customers into handing over their personal information. The email has nothing to do with RBS. Users who click on the “ACTIVATE MY CARD” link are taken to a hijacked website belonging to a company from Poland.
The fact that the banks, following the first issue, were directing customers to use an alternative link simply aids hackers in masking their activities, added George Anderson, director of product marketing at Webroot, in a comment to Infosecurity.
“All of us need to keep front of mind that hackers will always aim to be one step ahead and using real-life events or communications coming from friends as phishing emails is a very successful social engineering strategy,” said Anderson.
“Phishing remains the most prevalent web-borne attack, accounting for up to 55% of the breaches companies experience”, according to the company's recent web security study.
The website has been set up to host a legitimate-looking RBS phishing page. Here, victims are asked to hand over their credit card services username, PIN, Internet password, email address, and email address password.
Once this information is handed over, the victim is taken to the genuine RBS website.
The outages also point out the banking vertical’s unique challenges. “As well as heavy investment in sufficient IT infrastructure and defenses, financial organizations need to clearly communicate the potential threats their customers face during such hiatuses in service to ensure heightened awareness and damage control,” Patel said. “These types of attacks highlight our dependence for the need of a secure cyber-environment that consumers can trust and depend on.”
Many customers found their accounts to be inaccessible Thursday night and into Friday. The bank reported that it was the victim of a distributed denial-of-service (DDoS) attack. "Due to a surge in internet traffic deliberately directed at the NatWest website, customers experienced difficulties accessing some of our customer websites today,” it told the Guardian. "We have taken the appropriate action to restore the affected websites."Cybercriminals have started sending out phishing emails designed to trick RBS customers into handing over their personal information. The email has nothing to do with RBS. Users who click on the “ACTIVATE MY CARD” link are taken to a hijacked website belonging to a company from Poland.
The fact that the banks, following the first issue, were directing customers to use an alternative link simply aids hackers in masking their activities, added George Anderson, director of product marketing at Webroot, in a comment to Infosecurity.
“All of us need to keep front of mind that hackers will always aim to be one step ahead and using real-life events or communications coming from friends as phishing emails is a very successful social engineering strategy,” said Anderson.
“Phishing remains the most prevalent web-borne attack, accounting for up to 55% of the breaches companies experience”, according to the company's recent web security study.
The website has been set up to host a legitimate-looking RBS phishing page. Here, victims are asked to hand over their credit card services username, PIN, Internet password, email address, and email address password.
Once this information is handed over, the victim is taken to the genuine RBS website.
The outages also point out the banking vertical’s unique challenges. “As well as heavy investment in sufficient IT infrastructure and defenses, financial organizations need to clearly communicate the potential threats their customers face during such hiatuses in service to ensure heightened awareness and damage control,” Patel said. “These types of attacks highlight our dependence for the need of a secure cyber-environment that consumers can trust and depend on.”
No comments:
Post a Comment