Phishing scammers recently hacked the web sites of three Florida banks and redirected their customers to spoof pages, marking an apparent milestone in phishers' use of bank web sites to construct more credible frauds. Previous scams have managed to manipulate financial sites through cross-site scripting and cross-frame content injection, but didn't gain access to the server hosting the banks' site.
Not so for the attack on Capital City Bank, Wakulla Bank and Premier Bank in northern Florida. On March 14 hackers were able to break into the servers of ElectroNet, a Tallahassee, Fla. service provider which hosted the web sites for all three banks. The main business URL for the banks' were redirected to identical spoof sites on offshore servers, which asked customers to provide their login details.
The intrusion was detected about an hour after it started, ElectroNet CEO Allen Byington told the Tallahassee Democrat. Byington said that ElectroNet stores no confidential data on its computers and that the company was "working closely" with law enforcement agencies investigating the incident. The banks' sites were shut down for several days, and bank officials said the financial losses were "minimal," and that any customers who lost money were reimbursed by their respective banks.
Since the attackers redirected bank customers to spoof sites hosted elsewhere, this type of attack could be detected by users of the Netcraft Toolbar, which displays the name and location of a site's hosting service.