Cybercriminals are after personal and financial information

Nov 22, 2013 15:14 GMT  ·  By

Experts have come across around 100 identical TESCO phishing pages hosted on a compromised Australian website. The phishing pages are designed to trick TESCO customers into handing over their personal and financial details.

According to ThreatTrack Security experts, the website on which the phishing pages are hosted, mrqos.com.au, was recently hacked and defaced by a hacker group called Kurdish Elite Security Team.

Users who end up on the site are first instructed to hand over their username. On a second page, they’re asked to enter their PIN, Internet password, CVV2 and email address.

In the next phase, users are told to provide other information, such as name, mother’s maiden name, address, phone numbers, date of birth and bank account number.

On the same hacked website, a different directory stores another type of TESCO phishing page.

At the time of writing, the website is flagged by Google. However, the phishing pages are still present.

In order to make sure that you don’t fall victim to such scams, always remember that a genuine bank website is protected by an HTTPS connection indicated by a green padlock icon in the web browser’s address bar.