SunTrust site exploited by fraudsters
6th December, 2004
The phishing emails received by Netcraft contain the following HTML to create a hyperlink to the SunTrust web site:
Fraudsters have previously noticed opportunities in SunTrust's internet banking operations, and a similar attack was executed in September.
Careless application errors and inadequate testing are believed to be an industry-wide problem for internet banking. Although the man in the street would find it appalling that someone could run a fraud from a bank's own site, SunTrust's competitors are unlikely to be strongly critical, for fear of similar problems with their own facilities.
Netcraft has highlighted the threat of cross-site scripting and script injection used for fraud, and provides a range of services for banks and other financial institutions to try to eliminate these kinds of errors from their systems, including comprehensive application testing and training for developers and designers of web-based applications.