Germany's Postbank AG has been the target of another phishing attack, its third after two back-to-back assaults last year.
"The attack came around midnight, but as far we as know, none of our customers have revealed any confidential banking information," said Postbank spokesman Hartmut Schlegel in a telephone interview on Monday.
Customers of the large state-owned retail bank received an e-mail requesting them to enter two TANs (transaction authorization numbers) for security reasons. The e-mail address was: firstname.lastname@example.org.
The Web site was blocked "within a relatively short period of time," Schlegel said. He declined to provide details about who blocked the site and how.
Phishing attacks use spoofed e-mail and fraudulent Web sites to fool respondents into entering personal financial data such as credit card numbers, account user names and passwords, which can then be used for financial theft or identity theft.
Until last year, most phishing attacks have been aimed at customers of banks in English-speaking countries, such as the U.S., U.K. and Australia, but over the past few months, numerous other countries, including Germany, have become targets.
Postbank suffered two attacks last August, following a separate attack on Deutsche Bank AG.
"So far, none of our customers have been affected by these attacks," Schlegel said.
All three of the phishing e-mail messages were written in poor German, according to Schlegel. "This raised a warning flag to most of our customers," he said.
Postbank has informed customers of the rising risk of phishing attacks on its Web site and in separate mailings, and advised them never to provide their PINs (personal identification numbers) or TANs online, according to Schlegel. "It's a ongoing educational process," he said.
Most German online banking customers are required to provide a PIN and TAN for each Internet transaction.
Postbank, like most other German banks offering online banking services, sends customers a list of TANs by mail. However, for those who want a more secure way of receiving these numbers or who are traveling and prefer not to carry the list with them, the bank has launched a new mobile TAN service, the first of its kind in the country, according to Schlegel.
The service works like this: After customers have requested a TAN by Internet, the number is automatically generated and sent to their mobile phone. The number is valid only for several minutes or the time required to make an online transaction.
The Fraunhofer Institute for Secure Information Technology recently published a study of German banks and their security measures against phishing attacks. Only one bank, Deutsche Bank, received a "very good" rating. No banks received a "good" rating. Postbank was one of five banks to receive a "satisfactory" rating. The remaining banks were evaluated as "sufficient," with the exception of one, Sparda-Bank Hamburg eG, which failed to make the grade altogether.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.