The Prague Post Online: Business: Gone phishin'

May 10th, 2008

Reader's Survey Endowment Fund Book of Lists ONLINE Reservations Classifieds Subscriptions

Prague Art & Antiques Prague Art Prague Antiques

Gone phishin'

Bank customers drowning in a tide of fraudulent e-mails

By Michael Heitmann
Staff Writer, The Prague Post
March 19th, 2008 issue

enlarge

Česká spořitelna (ČS) has a phishing problem.

Since the beginning of the year, the bank has seen a rapid increase in the number of fraudulent e-mails and fake Web sites targeting its customers. The attacks use a scam method popularly known as “phishing” to persuade ČS customers into thinking they have a critical problem with their account, which results in the perpetrator eventually stealing the victim’s personal data.

“It’s a massive phishing attack, the worst to date,” said Kristýna Havligerová, a ČS spokeswoman. Both the bank’s clients and regular Internet users in the Czech Republic have been indiscriminately targeted.

“It’s hard to determine how many clients and nonclients have found these e-mails in their mailboxes,” she said. Each day the bank receives thousands of attacks. “We assume that many clients received those phishing e-mails [as well].”

The attackers picked ČS as their target because it has the greatest number of clients of any domestic bank, Havligerová said. Many of these customers, including pensioners, are holdovers from the communist era, when ČS was the only option for retail banking.

A number of ČS online banking clients have been conned so far; exact figures are unavailable. Pressed on whether ČS reimburses its clients for their losses, Havligerová said that the bank handles these cases on an individual basis.

ČS has already filed several criminal complaints against persons unknown and is cooperating with the police in its investigations, the bank said.

“The police’s rate of success [in finding the source of the attacks] is unfortunately not too high,” Havligerová said. “But it’s getting better. We are confident they will catch at least one or two of the attackers.”

A successful investigation is more likely if the attackers are from the Czech Republic. The odds drop dramatically if the phishers come from a former Soviet Union country, where much of the world’s spam and e-mail frauds are thought to originate.

Misplaced trust?

While investigations continue, ČS is doing its best to protect e-mail users from the scams, updating its anti-phishing and anti-spam databases, Havligerová said.

As long as Internet service and e-mail providers use these databases, this system works very well and reduces the number of fraudulent emails. While the filters do provide a degree of protection, they’re no substitute for common sense.

“The majority of our clients recognize immediately that it’s a scam,” Havligerová added.

When phishing e-mails arrive, they follow a typical pattern, telling the recipient that their account has been put on hold until their personal account details are verified, or that the bank is updating its clients’ personal information to “reduce fraud.”

The e-mail then directs victims to a Web site posing as ČS’s online banking system. When users enter their login name and password, the criminals can then access the information.

Since the messages look like they come from the bank’s Internet domain, Csas.cz, many can be fooled by the attacks, especially since online banking is still a developing phenomenon in the Czech Republic.

Only 24 percent of Internet users in the country have signed up for online banking, according to Eurostat statistics released Feb. 8. Less than half of the Czech population used the Internet at all in the past three months, compared with 72 percent in the United Kingdom and 79 percent in Finland.

Unlike some West European countries, residents of the Czech Republic put much trust in Internet transactions, which could help explain the number of attacks. Only 3 percent of the adult Internet-using population refused to order goods or services online because of concerns about giving away credit card or personal details. In Spain and Finland, this rate is 27 percent and 26 percent, respectively.

ČS says it is doing all it can to inform its clients.

“We inform [our clients] on our Web site about phishing attacks as needed and on a regular basis,” Havligerová said. Information is also provided to clients whenever they log on to Internet banking. “We explain what phishing means, show examples of phishing e-mails and give advice on how to react.”

Phishing as a con isn’t new: It predates computers, with scammers previously relying on phone calls to obtain personal information from unwitting victims.

Now, as education about phishing improves, there is evidence that these scammers may even be returning to their old ways. The Prague Post has received a report that a foreign resident in Prague received a phone call from an unidentified source claiming to be ČS, following a similar pattern to the e-mail scam.

ČS has not registered any similar complaints, Havligerová said.

Michael Heitmann can be reached at mheitmann@praguepost.com

Help us improve The Prague Post - fill out our Reader's Survey.

Other articles in Business (19/03/2008):

Browse the Current Issue


If you enjoyed this article, why don't you subscribe to the print version! We accept secure online transactions provided by PayPal and Moneybookers

Be the first to add a comment!

Most e-mailed articles
A banner year for Prague Spring Eager to consume, Prague is selling its soul Rent pushes out Cubist bookstore

Related articles
Greasy spoon

Most visited in Book of Lists

The Prague Post Online contains a selection of articles that have been printed in
The Prague Post, a weekly newspaper published in the Czech Republic.
To subscribe to the print paper, click here.
Unauthorized reproduction is strictly prohibited.