A new phishing variation has appeared. Crooks cracked web servers for three banks in Tallahassee, Florida and redirected login URLs to offshore servers. The banks were Capital City Bank, Wakulla Bank, and Premier Bank.
When the Tallahassee Democrat reporter called me, I made up the attached graph to illustrate connectivity to the servers for those banks. All three banks were served by two servers. Both servers are owned and routed by the same local Tallahassee provider, ElectroNet. Both servers run Microsoft Internet Information Services (IIS). The first story didn’t mention these details, but the second story did. The second story quotes the hosting provider as saying that they detected the problem and stopped it within an hour.
This sort of thing should be easy for such providers to detect; just run automated tests frequently that compare URLs to what they should be. It is, unfortunately, very hard for bank customers to detect, since the bank site looks just like it always did. This scam is rather like the one of several years ago in which crooks made up fake ATM front panels that they placed over the real ATMs, so that customers were fooled into thinking there was nothing amiss. The customers even got their money as usual, but the crooks got their information for later withdrawal.
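One way a hosting provider could run the URL comparison described above, as an added example that is not from the original post. The hostnames, the sample pages and the function names are constructed for illustration; a real monitor would fetch the live login page from outside the hosting network on a schedule and feed its HTML to the same check.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that send the browser (or the customer's credentials) elsewhere.
URL_ATTRS = {"a": "href", "form": "action", "script": "src",
             "iframe": "src", "link": "href"}

class UrlCollector(HTMLParser):
    """Collects every outbound URL on a page, resolved to absolute form."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        name = URL_ATTRS.get(tag)
        if name and attrs.get(name):
            self.found.append((tag, urljoin(self.page_url, attrs[name])))
        # <meta http-equiv="refresh" content="0; url=..."> also redirects.
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            _, _, target = (attrs.get("content") or "").partition("=")
            if target:
                target = target.strip(" '\"")
                self.found.append(("meta-refresh", urljoin(self.page_url, target)))

def unexpected_urls(page_url, html, allowed_hosts):
    """Return (tag, url) pairs whose host is not one the bank expects."""
    collector = UrlCollector(page_url)
    collector.feed(html)
    bad = []
    for tag, url in collector.found:
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname not in allowed_hosts:
            bad.append((tag, url))
    return bad

# Constructed sample data: a known-good login page and a tampered copy.
PAGE_URL = "https://www.bank.example/login"
ALLOWED = {"www.bank.example", "secure.bank.example"}
GOOD_PAGE = """<html><body><a href="/about">About</a>
<form action="https://secure.bank.example/auth" method="post">...</form>
</body></html>"""
TAMPERED_PAGE = GOOD_PAGE.replace("https://secure.bank.example/auth",
                                  "https://login.offshore.example/auth")

if __name__ == "__main__":
    for label, page in (("good", GOOD_PAGE), ("tampered", TAMPERED_PAGE)):
        print(label, unexpected_urls(PAGE_URL, page, ALLOWED))
```
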
This new scam is like phishing without the intervening electronic mail step. Because it is the bank’s own web server (hosted, in this and no doubt many other cases) that is compromised, the customer has even less reason to suspect anything amiss. Fortunately, it should also be easy for banks or their hosting providers to stop.
The crooks didn’t get a lot of money, but they don’t have to: if they do this successfully to a few hundred small banks scattered around the world, they can make enough money to retire and disappear. It does provide a sense of deja vu to see the kind of scam that was predicted in William Gibson’s 1985 science fiction novel Neuromancer playing out in the real world. It’s taken 20 years, but nowadays we are living in the Matrix.