'Cyber criminals try to steal passwords of PNB customers'

Cyber criminals tried to steal passwords of corporate and individual customers of Punjab National Bank (PNB) last week, global cyber security firm Websense said.

 

California-based Websense, which provides protection against cyber attacks and data theft, said it was able to block the intrusion, which involved a phishing attack.

 

Phishing involves sending emails purporting to be from reputable firms to unsuspecting individuals and also corporate entities to induce then in revealing personal and financial information like passwords, credit card numbers, etc.

 

"Last week, Websense Security Labs came across a phishing email targeting PNB customers. The phishing attack was aimed to obtain password of corporate and individual customers," Websense Regional Director India Surendra Singh told PTI.

 

PNB is not the client of the company, but these phishing mails were sent to several individuals and some corporate who are clients of Websense, he added.

 

PNB officials were not immediately available for comments.

 

Singh said this phishing campaign requires the recipient to open an email attachment and fill in the required fields, including user ID, password, transaction password and mobile number.

 

Once completed the form redirects customers to a legitimate bank site, while their personal information including password credentials are sent to a server under the attacker's control, he added.

 

"This information is often sold by cyber criminals to the Internet underworld or they use it themselves, Singh said.

 

There has been an increase in the intensity and number of phishing and other cyber attacks trying to steal financial information from individuals as well as corporate and Websense expects such acts to grow in the future, he added.

 

The firms security predictions for 2014 projects that cyber criminals will rely less on high-volume advanced malware because over time it runs a higher risk of detection.

 

They will instead use lower volume, more targeted attacks to secure a foothold, steal user credentials and move unilaterally throughout infiltrated networks.