This instance of phishing may have netted some but no money has been lost yet Online Banking Service 11 July, 2011 - Customers of the country’s two oldest banks, Bank of Bhutan (BoB) and Bhutan National Bank (BNB), have recently been targeted by online fraudsters working from Nigeria and, possibly, even within Bhutan.
The online fraudsters target customers using the two banks’ internet banking services. They do this by sending emails to lure customers to a fake website, resembling the bank’s internet banking login page. The fake login page then requires the customer to submit user identification, password, personal identification number (PIN), and other account details. This information is then submitted to those behind the scam.
While both banks had no concrete numbers on how many of their customers may have fallen for the scam, so far, no loss of finances had been reported, according to BoB and BNB information technology (IT) personnel. BNB IT head, Mann B Rai, said that the bank had identified only three cases, where customers had submitted their account information to the online fraudsters, but that no money had been lost.
The scam has prompted both banks to increase their internet banking security. Both banks have updated and added more levels of authentication security. BNB has even reported identified phishing sites to Google, said Mann B Rai.
They have also focused their efforts at making customers more aware of the mechanics of such scams. The IT heads of both banks said that the institutions would never ask for a customer’s account details, such as user ID, password, or PIN, by email or telephone. Using different media platforms, both banks continue to send their customers alerts and information on the scam.
Mann B Rai pointed out that, since such scams, referred to as ‘phishing’ in IT terminology, are a social engineering technique, basic responsibility falls on individual users to avoid and take preventive measures from falling victim to such scams.
BoB IT head, Sonam Kezang, pointed out that, by simply looking at the address bar of the web browser, a phishing website can be identified. Both banks provide the “secured” addresses of their internet banking web pages on their websites. Sonam Kezang said that the web address would have to be noted by customers.
Mann B Rai said that BNB had traced the origins of the scam to Lagos, Nigeria. Sonam Kezang pointed out that, since one of the phishing websites targetting BoB customers was hosted on Druknet, BoB has asked the internet service provider for assistance in tracing those responsible.
By Gyalsten K Dorji, Kuensel
The online fraudsters target customers using the two banks’ internet banking services. They do this by sending emails to lure customers to a fake website, resembling the bank’s internet banking login page. The fake login page then requires the customer to submit user identification, password, personal identification number (PIN), and other account details. This information is then submitted to those behind the scam.
While both banks had no concrete numbers on how many of their customers may have fallen for the scam, so far, no loss of finances had been reported, according to BoB and BNB information technology (IT) personnel. BNB IT head, Mann B Rai, said that the bank had identified only three cases, where customers had submitted their account information to the online fraudsters, but that no money had been lost.
 |
| An example of a fraud email |
The scam has prompted both banks to increase their internet banking security. Both banks have updated and added more levels of authentication security. BNB has even reported identified phishing sites to Google, said Mann B Rai.
They have also focused their efforts at making customers more aware of the mechanics of such scams. The IT heads of both banks said that the institutions would never ask for a customer’s account details, such as user ID, password, or PIN, by email or telephone. Using different media platforms, both banks continue to send their customers alerts and information on the scam.
Mann B Rai pointed out that, since such scams, referred to as ‘phishing’ in IT terminology, are a social engineering technique, basic responsibility falls on individual users to avoid and take preventive measures from falling victim to such scams.
BoB IT head, Sonam Kezang, pointed out that, by simply looking at the address bar of the web browser, a phishing website can be identified. Both banks provide the “secured” addresses of their internet banking web pages on their websites. Sonam Kezang said that the web address would have to be noted by customers.
Mann B Rai said that BNB had traced the origins of the scam to Lagos, Nigeria. Sonam Kezang pointed out that, since one of the phishing websites targetting BoB customers was hosted on Druknet, BoB has asked the internet service provider for assistance in tracing those responsible.
By Gyalsten K Dorji, Kuensel
No comments:
Post a Comment