UAE bank targeted in major phishing attack
Symantec identifies criminals activity but declines to name the bank involved
A bank in the United Arab Emirates was recently the target of so many phishing attacks that it led to the country being mentioned on a list of most affected countries for the first time.
Phishing is the process of obtaining sensitive information including account and credit card details by masquerading as a trusted entity. Most often e-mails are sent out by cybercriminals directing potential victims to fake websites that are designed to look exactly like the original in the hope that they'll be tricked into providing their details.
In the Symantec State of Phishing January 2010 report, the UAE entered the list of top fifteen countries with brands targeted by phishing attacks. It was ranked 14th after "a higher number of phishing attacks on a bank based in UAE led to the country making its debut in the list."
While Symantec declined to divulge the name of the bank involved, Middle East security expert from the firm Bulent Teksoz confirmed that there was not only a major attack against that one UAE bank but a minor one against another local, which could have also contributed to making the country feature on the list.
"We did not observe any use of toolkits based upon our analysis of the URLs. Mainly compromised domains and a few Web Hosts were used for the attacks. The compromised sites spanned the globe (Spain, Russia, South Korea, Germany, Peru, Ukraine, France, Poland, Thailand and the USA just to name a few) and were nearly all non-English sites," Teksoz commented when probed to provide more details on the attack.