HUNDREDS of clients of Slovenská Sporiteľňa, the country's largest bank, received what looked to be an official email in late March that announced their accounts had been blocked and would stay so unless certain personal data was submitted.
In fact, the email was what's known as a phishing scam, designed to trick internet users into handing over their financial information.
The website the data would have been submitted to had no connection whatsoever to Slovenská Sporiteľňa.
Slovak internet users are used to receiving unsolicited emails that pretend to be from trusted websites, but this is presumably the first time a fake email has assumed the identity of a Slovak bank.
Clients received the first emails, written in English, on March 24.
"As part of our security measures, we regularly screen activity in the system," read the scam mail. "During a recent screening, we noticed an issue regarding your account. For your protection, we have limited access to your account until additional security measures can be completed."
Then the email requested that the clients update and verify their information by checking the secure link attached in the email, which was signed as being from "the Slovenská Sporiteľňa, a.s Account Review Department."
The next day, on March 25, the emails started arriving in Slovak.
Slovenská Sporiteľňa immediately began warning clients not to reply to them. So far, no cases of abuse among the targeted accounts have been reported, Štefan Frimmer, spokesman for Slovenská Sporiteľňa, told the media on March 25.
Nevertheless, the bank will file charges against the unknown offender.
Slovak IT security firm ESET detected the Slovak version of the phishing scam when it updated its database of samples, ESET told the SITA newswire.
Slovak users are generally skeptical of emails requesting personal data, but awareness of phishing is probably still low because they don't have a lot of experience with such scams, especially ones written in Slovak, according to Ivan Kopáčik of the IT Association of Slovakia.
"Slovak is not a widely-spread language and the number of internet users in Slovakia is low compared to the western world," he told The Slovak Spectator.
But Kopáčik pointed out that internet banking services are usually used by clients who have a certain level of awareness about the risks.
Nevertheless, attempts to scam Slovak clients of large international firms, such as banks, will likely become more frequent, he said.
Such emails take different forms, including an announcement that the client's account has been blocked, a customer satisfaction survey, or a statement that the data will be used for the client's protection, Kopáčik said. The email usually includes an internet address that gives the impression it's from a trustworthy website of an official institution.
Kopáčik said that similar attacks have occurred in Slovakia in the past, but that the companies involved are not eager to publicise them. Slovenská Sporiteľňa has been the target of two such attacks, while Tatra Banka was targeted once, he said.
A phishing email can be identified by its contents, Kopáčik continued. Large, credible financial institutions never ask clients to provide sensitive data of any kind via email, he said.
Martin Baranovič of ESET told the Sme daily that scammers often acquire the data with the intention of trading it, not abusing it.
"The trade of such information is a big business," Baranovič said.
(With files from Marta Ďurianová)
31. Mar 2008 at 0:00 | Beata Balogová