Blog: Phishing mail asks for TAN list photo/scan ( Deutsche Bank)

[menotu]

heise Security -26 November 2012, 17:01

A new phishing email circulating in Germany is asking customers of the country's largest banking establishment, Deutsche Bank, to upload photographs or scans of their bank-issued TAN (Transaction Authentication Number) list to a maliciously fabricated web site. TANs are used by many banks in Germany to authenticate transactions during online banking sessions. The customer receives a printed list of TANs, essentially one-time passwords, via mail and has to use a randomly selected number from the list each time they want to send money or approve other transactions. The phishing email directs users to a deceptive web page where the scammers claim that the upload of the TAN list is needed as Deutsche Bank supposedly changes their iTAN technology for a mobile TAN (mTAN) system on 1 January 2013.

The short time frame is apparently designed to increase the pressure on the victims of the phishing emails. The H's associates at heise online received copies of similar emails that were apparently asking for the information to be uploaded by the next day or the customer's account would be disabled, incurring administrative charges. The text in the emails and on the faked web site claims customers have to upload a photo or scan of their TAN list so that it can be reviewed by employees of the bank to switch the account to the new mTAN system. The scammers also ask for the login details for the account and the user's mobile phone number.

The web sites are a professional reproduction of Deutsche Bank's actual online banking interface and, like the phishing mails themselves, include relatively few spelling mistakes and grammatical errors. Add to this the fact that customers in Germany are now well used to having banks switch from iTAN to mTAN systems, and the phishing emails are fairly convincing. Banking customers are reminded to always contact their bank if they receive emails such as these. However, customers should never contact their bank through phone numbers or email addresses listed in phishing emails as those numbers and addresses could also lead to fake bank employees.

http://www.h-online.com/security/news/item/Phishing-mail-asks-for-TAN-list-photo-1757018.html

[menotu]

heise Security - 6-Dec-2012

Trojans infected the victims' computers and then their mobile devices in order to get past the banks' two-factor authentication processes.

A malicious program installed on an infected Windows computer began the process by monitoring and manipulating the victim's online banking sessions. In this seemingly trustworthy context, it would then ask for the user's mobile phone number and operating system in order to install an important security update. Users who installed the apparent update that was sent to their mobile phone were really installing a Trojan that then proceeded to steal mobile TANs (mTAN) and forward them to the crooks.

The stolen data was stored on compromised servers; to keep them a secret, the attackers occasionally changed servers and domain names. The Trojan was written for Android and Blackberry; there doesn't seem to be an iOS version. Since the number of Android users is growing, ZitMO's potential coverage is quite large.The mTAN system is used throughout continental Europe and provides online banking security by giving the customer a list of one-time passwords to add an additional factor to the authentication process.

http://www.h-online.com/security/news/item/Millions-stolen-with-mTAN-fraud-1763923.html