Websense Security Labs™ ThreatSeeker™ Network has detected a new phishing kit circulating in the Oceania region. Following on from the UK tax assessment attack, more phishing attacks are surfacing and this campaign targets seven top Australian banks at once along with the Australian Tax Office. Websense customers have been protected against this attack with ACE.
The attack first imitates the Australian Tax Office (ATO) e-tax refund page, an online system where taxpayers can lodge their annual tax refund requests. The kit includes pages for 7 of the biggest banks in Australia, covering almost all accounts. This kit was hosted on compromised Web sites in deep directories specifically mimicking the ATO Web site. Each bank phishing Web site was then placed as follows:
Screenshot of spoofed ATO site hosting 7 phishing sites:
Screenshot of the 7 targeted banks:
Similar to earlier phishing toolkits, this attack uses PHP scripts to retrieve, parse, and send on the compromised account information. The kit was also held on several other compromised Web sites so that the attack could fail over when a host was taken down: given the limited lifecycle of phishing sites, more users fall victim to them in the first 24 hours of the attack. The readiness of this phishing toolkit exceeds Rock Phish, a kit that we have monitored in previous years: whereas Rock Phish tended toward volume attacks, this kit is well crafted and links several financial institutions in one place.
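Two features described above are useful detection signals: the brand name (ATO, e-tax) appearing in a deep directory path on a domain that is not the brand's own, and the same kit path reappearing on several compromised hosts as failover copies. The following is an added example, not Websense's code or the kit's; it scores URLs from a constructed sample list with that heuristic and groups the hits by shared kit path. ato.gov.au is the real ATO domain; the keyword list, depth threshold and sample hostnames are assumptions.

```python
"""Heuristic detector for brand-impersonation phishing URLs hosted in deep
directories on compromised third-party sites. Added example; performs no
network requests, only parses the URL strings it is given."""
from urllib.parse import urlparse

# Brand keywords mapped to the domain(s) on which they are legitimate.
# ato.gov.au is the real ATO domain; the keyword choice is an assumption.
BRAND_RULES = {
    "ato": ("ato.gov.au",),
    "etax": ("ato.gov.au",),
    "e-tax": ("ato.gov.au",),
}

MIN_DEPTH = 3  # assumed threshold: paths at least this deep count as "deep directories"

# Constructed sample: one legitimate ATO URL, two failover copies of the same
# hypothetical kit on different compromised hosts, and one unrelated URL.
SAMPLE_URLS = [
    "https://www.ato.gov.au/Individuals/Lodging-your-tax-return/",
    "http://example-shop.test/images/ato.gov.au/etax/refund/index.php",
    "http://another-host.test/images/ato.gov.au/etax/refund/index.php",
    "http://blog.test/2011/05/post",
]


def is_brand_domain(host, legit_domains):
    """True when host is one of the legitimate domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in legit_domains)


def analyze_url(url):
    """Return {'url', 'suspicious', 'reasons'} for a single URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    segments = [s for s in parsed.path.lower().split("/") if s]
    reasons = []
    for keyword, legit in BRAND_RULES.items():
        in_path = any(keyword in seg for seg in segments)
        in_host = keyword in host.split(".")  # brand used as a subdomain label
        if (in_path or in_host) and not is_brand_domain(host, legit):
            reasons.append(f"brand '{keyword}' on non-brand host {host}")
    # Deep directory structure only matters once a brand lure is present
    if reasons and len(segments) >= MIN_DEPTH:
        reasons.append(f"deep path ({len(segments)} segments)")
    return {"url": url, "suspicious": bool(reasons), "reasons": reasons}


def kit_fingerprint(url):
    """Path with the host stripped: identical across failover copies of one kit."""
    return urlparse(url).path.lower().rstrip("/")


def cluster_by_kit(urls):
    """Map each suspicious kit path to the list of hosts it was found on."""
    clusters = {}
    for url in urls:
        if analyze_url(url)["suspicious"]:
            host = (urlparse(url).hostname or "").lower()
            clusters.setdefault(kit_fingerprint(url), []).append(host)
    return clusters


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(analyze_url(u))
    for path, hosts in cluster_by_kit(SAMPLE_URLS).items():
        print(f"kit {path} seen on {len(hosts)} host(s): {', '.join(hosts)}")
```

Feeding proxy or mail-gateway URL logs through `cluster_by_kit` surfaces the failover hosts of one kit together, which is the list a responder wants to block or report as a unit rather than one host at a time.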