A new phishing threat aimed at customers of a German-based bank is having an effect globally as it surpasses the Netsky-P phishing malware in detections, according to antivirus vendor Fortinet.
In an advisory issued Oct. 6, the Sunnyvale, Calif.-based vendor said BankFraud.OD!Phish targets customers of Volksbanken Raiffeisenbanken, one of Germany's largest banks. It was first detected Sept. 26 and quickly ramped up to 50,000 detections a day, said Guillaume Lovet, the European threat response team leader at Fortinet.
"This is unusual because cyber criminals now use Trojans and worms to avoid detection," Lovet said. "For that reason, worldwide outbreaks have been very limited."
Though the bank is based in Germany, nearly half of the phishing attacks were detected outside the country, Lovet said. The phishing threat is received through email with an embedded image portraying a message for a Volksbanken client to click a link to update their banking information.
Also unusual, according to Lovet, is that the email attack also contains hidden random sentences similar to sentences used with white-on-white phishing threats, but with a slightly darker shade to avoid being detected by antispam software.
"Phishers use the white-on-white strategy to evade spamming filters, but this is the first time we've seen a slightly darker shade used, so it has slipped through some spamming filters," Lovet said.
The new phishing threat outpaced Netsky-P, making it the top phishing threat globally, Lovet said.
Netsky-P is often used as a benchmark for mass mailing phishing attacks, Lovet said. The only other phishing attack to ever surpass Netsky-P was the eBay!Phish of 2005, which was a threat to a global online retailer, he said.