Florida banks hacked in new spoofing attack

Three Florida banks have had their Web sites compromised by hackers in an attack that security experts are calling the first of its type.

Earlier this month, attackers were able to hack servers run by the ISP that hosted the three banks’ Web sites. They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement’s Computer Crime Center.

Users were then asked to enter credit card numbers, PINs and other types of sensitive information, he said.

According to Breeden, the affected banks are Premier Bank, Wakulla Bank, and Capital City Bank, all small regional banks based in Florida.

This attack was similar to phishing attacks that are commonly used against online commerce sites, but in this case hackers had actually made changes to legitimate Web sites, making the scam much harder for regular users to detect.

Phishing attacks generally require users to click on a bogus Web link, but this attack worked on users who had typed in the correct URL for the banks in question.

Breeden said he had not seen this particular tactic used before. He called it a troubling development.

“The bad guys have created a way to take away the safety of typing the address of your bank,” he said “We have to address it now and say to people, ‘Even if you do go to your online bank’s Web site, you need to be very careful.'”

Though Breeden believes that the scam was only operational for “a matter of hours,” and probably affected fewer than 20 banking customers, the technique appeared to be very effective at extracting sensitive information. “Probably some very smart people fell for this,” he said.

The banks’ ISP, ElectroNet Intermedia Consulting, does not house consumer data, so any information obtained by the hackers would have to have been provided directly by victims, the Tallahassee, Fla. service provider said.

The Florida Department of Law Enforcement is investigating the crime with the help of ElectroNet and the affected institutions, ElectroNet said.

The hacking was contained within an hour of being detected, according to the ISP. However, ElectroNet did not say when the attack began or how much time had passed before it was discovered.

Although scammers have traditionally targeted large financial institutions with phishing attacks, that is now changing, according to Rich Miller, an analyst with Internet research company Netcraft. “Lately we’ve seen phishing attacks move down the food chain and target much smaller, regional banks,” he said.

Smaller banks such as those in the Florida scam can sometimes make easier targets, Miller said. “The big banks are able to put more resources into securing their sites,” he said.

Like Breeden, Miller had not seen this type of attack attempted previously.

The three banks in question could not be reached to comment for this story, but Premier Bank is now asking customers to change their passwords after the bank was notified of a phishing scam, according to a note on the company’s Web site.