In a recent report by MX Lab, cyber syndicates and other criminals have been sending Dutch language phishing spam to the email inboxes of Belgian and Duth clients of ABN Amro. In official-looking emails, the phishing spammers tell their would-be victims that ABN Amro has recently reviewed the recipients’ accounts and are suspicious of recent seemingly unauthorized entries. The fake email then goes to say that since ABN Amro is greatly concerned with the account security of its clients, it has restricted use of certain aspects of the account. However, the fake email reassures potential victims that they can restore full use to their accounts if they can confirm key personal identification.
In order to “confirm” the victims’ identities, the fake email asks the would-be victims to click on a link and enter their personal information at the site. The link goes to www.abnamro.nl/en/login/identification.
The email then thanks the would-be victims for giving ABN Amro the opportunity to secure and safeguard their account. The email then gives the standard boilerplate of opting out of the email list and choosing a contact preference. There is even a reassuring statement that the bank will always keep the recipients’ security in mind. Then things get nasty quickly. Part of this obligatory “we are about your security” boilerplate text is text saying that if recipients want to know more about the Bank’s security procedures, they should go to the ‘privacy and security’ page on the Bank’s website. However the link in the email goes to an official-looking page that asks for all sorts of sensitive personally identifying information including passwords, PINs, and credit card information. Legitimate financial institutions never ask for this information.
This is not the first-time ABN Amro clients have been hit with a phishing scheme, MX Labs reported earlier that during November of 2011, several ABN Amro spoofed emails were circulating among Dutch account holders. There were five different versions of the fake emails. Security consultants urge the public at large to be very careful of such schemes and to know the warning signs-chief of which is legitimate bank sites will never ask for certain types of personally identifying information. If you get asked for these, delete the email immediately.