Ok, so I open up today’s spam mail folder and there at the top of the queue is a phishing email ‘from’ the NatWest Bank.
Clicking on the "log in" button takes you to a perfect replica of the NatWest site with a page for visitors to enter in their information to ‘verify’ their account.
The dead give away was the URL contained a non-NatWest looking domain. What caught my eye this time, was the fact that I recognised the website that had been hacked.
Rather than set up their own web server to ‘host’ the target bank web sites, one method the bad guys employ is to use a ‘hacked’ website.
In this case, the bad guys had obviously hacked their way into "Company A’s" web server (who being an innocent party here, will remain anonymous).
They then uploaded their imitation "NatWest" bank site to which they would direct users from within the phishing email.
In this case, the phishing website would email any data entered into the fake form back to a central account which would be read by the attackers.
At the time of opening this email this morning, it already being detected by several anti-phishing filters, so at least those users would have been protected. (Note: If you haven’t installed McAfee SiteAdvisor toolbar for Firefox or IE, then go do it now. It’s free and it works).