Following the ascending trend of global e-commerce, the Romanian e-commerce is growing fast. Many Romanians choose to pay their bills, bank or tax rates using Internet banking. However, besides the numerous advantages of these services, there are many disadvantages too. Most of the Romanian financial institutions, who offer online banking services to their clients, are not experienced in IT security. Also, the banks do not provide any information or recommendations related to phishing attacks.

Many credit card owners, who make online purchases, are not familiar with cyber frauds and they cannot avoid becoming targets of these attacks. That’s why, the phishers are taking advantage of the banks’ lack of security measures, customers’ lack of malware knowledge and last but not least, the naivety of people, in order to conceive these phishing scams.

Fig. 1: The email (Romanian)

A new massive spam attack was spotted on the Internet starting with 5th of February with the following subject: „SSL-Secure, Siguranta utilizatorului Internet banking“ („SSL-Secure, The internet banking user’s security”).

This spoof email, sent under the pretext of a false security alert, contains a hidden link, which redirects the users to this fake website.

Fig. 2: The fake website

Usually, the fraudulent website is an identical copy of the original one, but this time the link used by scammers doesn’t even exist on the orginal Raiffeisen website.

Fig. 3: The original website is not available

After submitting some information in the above website (Figure 2), there is an attempt to a redirect to the original website. But, something went wrong this time and the browser goes into an infinite loop:

Fig. 4: Wrong redirect

Avira warned the owners of the websites used for hosting the phishing pages to delete those pages and reminds the users to be extremely careful with suspicious emails and to remember that the banks will never request the PIN card or any other bank details.
The users of Avira AntiVir Premium and Avira Premium Security Suite are automatically protected against these threats. Both are blocking the links and the AntiSpam module detects the email as phishing.

Laura Dobre
Marketing Officer

Sorin Mustaca
Manager International Software Development