The message appears to be sent from a website whose URL is firstname.lastname@example.org saying:
“Dear [e-mail address of the user], Wall-Street team has the pleasure to inform you that you are the winner of the contest «Win an iPhone with Wall-Street.ro!» Thank you for your attention to, and we are happy to invite you to participate in our further competitions!
For further details on how to get the prize (Apple iPhone 4GB), please visit http://loppa.ch
Best regards, ConstantinDraghici, initiator of «Win an iPhone with Wall-Street.ro!»”
Name of the subscriber is fake, and does not correspond with any of the InternetCorp employees. At the time InternetCorp team visited the webpage, it was out of order, so they were unable to find out what kind of information were asked to users, as long the webpage was active. InternetCorp team tried to locate the identity of whois.ch domain owner (the attempt failed as the owner’s data were protected by „whois-guard” service).
BitDefender: This message is a double premiere in Romania
According to BitDefender, the message is total news in Romanian internet landscape, where most of the phishing attempts targeted online banking services users.
“It is a double premiere for Romania, because fraudsters considered using the trademark of an online publication, and secondly because they don’t intend on getting details on bank accounts, but usernames and passwords” said Vlad Valceanu, head of Antispam research laboratory with BitDefender.
Wall-Street ascertains that its database was not accessed by fraudsters, messages being randomly sent, to several e-mail addresses of Romanian users. “The phishing attack has no effect on Wall-Street online publication and nor on our readers. InternetCorp, publisher of Wall-Street has immediately taken measures to block this personal data theft, and the web security was not endangered,” Claudiu Vranceanu, editor-in-chief of Wall-Street newswire stated.
50,000 internet users, monthly targets of phishing attacks
In web security technologies, ”phishing” is a criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication, according to wikipedia.org.
Phishing is typically carried out by e-mail or instant messaging, luring the user into giving its confidential data for winning prizes or he\she is notified on technical errors that had led to a loss of original data.
In the past few years, phishing attacks gained magnitude in Romania, users of online banking services being their main targets. Thus, according to data provided by BitDefender, Romania’s five biggest financial groups whose identities were faked were Raiffeisen Bank (50%), BCR (17%), BRD (13%) and Banca Transilvania (10%).
In general, analysts estimate approximately 50,000 victims worldwide of phishing attacks.
How to prevent loss of confidential data?
Recommendation for Internet users:
- Install web security applications that include modules such as Antispam, Antiphishing, and Antimalware
- Always delete spam messages
- Do not open e-mails and files attached from unknown senders
- Don’t access any link of the spam messages (it might trigger installation of malware)
- Do not respond to any emails that request personal information (usernames, passwords, PIN, debit and credit card numbers)
- Avoid giving e-mail address or other confidential information to website that requests them
- Use at least two mailboxes - one for regular mail, and one for online forms that request e-mail addresses to access its content
- Avoid using e-mail address in databases, talk groups, forums and contact list
Wall-Street readers who received the aforementioned e-mail, are asked to send to email@example.com the full content of the message by “forward as attachment”.
Translated and adapted by Camelia Oancea.
In lipsa unui acord scris din partea InternetCorp, puteti prelua maxim 500 de caractere din acest articol daca precizati sursa si daca inserati vizibil linkul articolului Wall-Street.ro, target of first phishing attack on domestic online publishing.