14 DAY TRIAL // Trend Micro experts have come across an interesting mobile phishing attack. In this scheme, the cybercriminals don’t settle with stealing banking information, they also trick victims into handing over email logins and copies of government-issued IDs.
At first sight, there doesn’t appear to be anything special about this attack. Potential victims are presented with a replica of the bank’s mobile website and instructed to enter their user ID and password.
Once the data is entered, users are presented with a second webpage that asks for their email address and password. This allows the cybercriminals to maintain control of the account even if the victim tries to recover it.
Finally, victims are taken to another page where they’re told to upload a copy of their government-issued ID (passport or driver’s license).
Experts warn that the harvested information can be utilized by the crooks for all sorts of scams and fraud schemes.
While scanned copies of identification documents have been around for quite some time in the cybercriminal underground, phishing attacks that target such materials are new.