17/08/2012

Sophisticated "Sparkasse" phishing site targets German credit cards


Looking at a screenshot of this very well-designed phishing website, one cannot find any obvious sign of a scam. Even the active content, such as the stock market charts and advertisements, is implemented:
Screenshot of phishing site, attempting to get German credit card details

All links provided lead to the original bank website, so a customer would not suspect anything. The page shown above (menu: individuals > accounts & cards > credit card) is the only one that has nothing to do with the original bank's web presence.

Obviously, a click on “Continue” (German: Weiter) will send all user data entered in this form to the fraudsters. The validity of the given credit card number is checked, but only in terms of string length: if one enters a credit card number shorter or longer than 16 digits, an error occurs. If a 16-digit number is provided, the system accepts it and displays a screen saying “You’ve succeeded!”
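The pattern described above, where every link leads to the genuine bank site while the page itself and its form live on another host, can be turned into a triage heuristic for suspect URLs. This is an added example, not code from the original article; the domains, the sample HTML, the function name `assess_clone` and the 0.8 threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _Collector(HTMLParser):
    """Collect link targets and form actions from a page."""
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            # An empty or missing action posts back to the page itself.
            self.forms.append(a.get("action") or "")

def assess_clone(page_url, html, brand_domain, threshold=0.8):
    """Flag a page outside brand_domain whose links mostly lead to
    brand_domain while at least one form posts somewhere else."""
    def host(u):
        return (urlparse(urljoin(page_url, u)).hostname or "").lower()

    def in_brand(h):
        return h == brand_domain or h.endswith("." + brand_domain)

    c = _Collector()
    c.feed(html)
    link_hosts = [host(l) for l in c.links]
    ratio = sum(in_brand(h) for h in link_hosts) / len(link_hosts) if link_hosts else 0.0
    off_brand_forms = [host(f) for f in c.forms if not in_brand(host(f))]
    suspicious = not in_brand(host(page_url)) and ratio >= threshold and bool(off_brand_forms)
    return {"brand_link_ratio": ratio, "form_hosts": off_brand_forms, "suspicious": suspicious}

# Constructed sample: a cloned page on an unrelated host (placeholder domains).
SAMPLE_URL = "http://cards-activation.example.net/kreditkarte/index.html"
SAMPLE_HTML = """
<a href="https://www.bank.example/privatkunden">Privatkunden</a>
<a href="https://www.bank.example/konten-karten">Konten &amp; Karten</a>
<a href="https://www.bank.example/boerse">Boerse</a>
<a href="https://www.bank.example/kontakt">Kontakt</a>
<form action="weiter.php" method="post">
  <input name="card_number" maxlength="16"><input type="submit" value="Weiter">
</form>
"""

if __name__ == "__main__":
    print(assess_clone(SAMPLE_URL, SAMPLE_HTML, "bank.example"))
```

The same markup served from the bank's own domain is not flagged, because both the page host and the form target fall inside `brand_domain`.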

Even though we do not yet know the source of the phishing URL, we suspect that users reach this site through a spam campaign in which the fraudsters claim that credit card owners have to activate their credit card or to re-activate the card after maintenance issues.

The German Sparkasse has been informed about this case of phishing.