We understand that your business is very important to you and to prove you that we understand this we, the Dev-Vision team, would like to inform you each time potential Internet threats appear (threats like phishing attacks, malware such as: viruses, worms, trojans, rabbits) that can affect your business, your business’s or even your own safety.

What is a phishing attack?

In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging, and often directs users to enter details at a website (usually a clone of the bank’s website), although phone contact has also been used. Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

The Anti-Phishing Working Group, an industry and law enforcement association, has suggested that conventional phishing techniques could become obsolete in the future as people are increasingly aware of the social engineering techniques used by phishers. They predict that pharming and other uses of malware will become more common tools for stealing information.

How to fight phishing attacks?

• Social responses: One strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be promising, especially where training provides direct feedback.

• Technical responses: By using anti-phishing software, such as the new versions of Opera Browser, Windows Internet Explorer 7 and Mozilla’s Firefox version 2 and above identify and stop websites clones presented for phishing attack purposes.
  Specialized spam filters can reduce the number of phishing emails that reach their addressees' inboxes. These approaches rely on machine learning and natural language processing approaches to classify phishing emails.

We would like to announce that today (15th of April, 2008) a new phishing attacked was launched, targeting all the clients of Banca Transilvania (a popular Romanian Bank). Here, at Dev-Vision, we identified the e-mail with the following content:

Incepand cu data de 16 - aprilie - 2008 serviciul Fastbanking de la Banca Transilvania va fi obligatoriu pentru toti clientii care poseda cardul maestro Banca Transilvania Direct.
Pentru incepe procesul de inregistrare la serviciul Fastbanking de la Banca Transilvania Click Aici.
Va multumim pentru intelegere

We have promptly reported this attack to the bank’s representatives and we hope they will take immediate action against these criminals. If you are one of the bank’s clients or if you received this specific e-mail, with the above content, please delete that e-mail immediately. We are sure that this e-mail represents a phishing attack and the site you are redirected to (to start the “registration process”) is no site of Banca Transilvania, but a clone of this bank’s website, used for phishing purposes only. The bank’s official site is: www.bancatransilvania.ro.

How can you verify if the mail comes from Banca Transilvania?

• Not one bank asks for your registration using an unencrypted connection. You may check if the connection is encrypted by looking at your browser’s address bar. If the URL protocol starts with http:// instead of https:// then the connection is insecure and, as we are discussing about you’re your company’s money, I really doubt that there is a bank that likes to take the risk in losing your money – besides, is their image at stake.
• Always check if you are on the bank’s website. This bank’s website finishes with bancatransilvania.ro. This address may be followed by a “/” and a page path. Still, the presence of the text bancatransilvania.ro is a must.
• Ignore the message and ask for information an authorized person from inside the bank. This way you can be sure if the e-mail asking for your data really comes from that specific bank.
• Never offer sensible data over the Internet.

This website’s address has been already reported to Firefox and this browser (in its newer versions) warns about the phishing attack when you try to access the criminal’s site clone.

Never forget that phishing is a crime and can make you vulnerable against this type of threats. Besides, the attackers will quickly empty your bank accounts. We would not like this thing to happen especially to our clients, that’s why we announce you each time such threats appear.

Dev-Vision team is at your disposal for more details and information regarding this attack.