Online Security, a global provider of computer forensics and information technology risk mitigation since 1997   Original Source:    http://www.globetechnology.com/servlet/ArticleNews/TPStory/LAC/20030912/RBMOO12 Net scam targeted bank customers Author:  SINCLAIR STEWART Bank of Montreal, Caisses Desjardins Web sites cloned by hackers to steal data Police are investigating an elaborate Internet scam that cloned the Web sites of Bank of Montreal and Mouvement des Caisses Desjardins in order to trick customers into providing their personal account information. Hackers posing as representatives from the two banks circulated spam e-mails this week, inviting people to click on an Internet link for a chance to win $500. Instead of taking customers to the home pages of BMO or Desjardins, however, the link whisked them to look-alike Web sites where they were asked to enter their bank card numbers and passwords. The e-mail also contained what it known as a "Trojan Horse" virus, which is activated once people click on the Internet link. The virus essentially enables hackers to take control of an infected computer and access files and personal data. Staff Sgt. Paul Marsh, a spokesman for the Royal Canadian Mounted Police, said the Mounties are investigating the incident in conjunction with international law enforcement agencies. He declined to discuss details of the probe, but said this appears to be the first time hackers have cloned Web sites in Canada in an attempt to defraud banking customers. "It's the first time I'm aware of this particular scenario," he said, adding that Internet cloning has typically been used for identity theft. BMO learned of the hoax after receiving a call from one of its customers on Wednesday morning, and managed to shut down the fraudulent Internet site a few hours later. Ian Blair, a spokesman for the bank, said between 50 and 55 on-line clients contacted BMO to say they had received the e-mail. Of these, only five actually visited the phony Web Site and shared their private information. The bank has already changed the passwords of these customers, and so far it seems none of the accounts have been tampered with. Mr. Blair said the bank is still trying to determine whether other customers have visited the fake Web site and surrendered information. Security officials at the bank are still uncertain who is behind the scam, but Mr. Blair said early indications suggest it began somewhere in the western United States. It appears as though hackers used a screen capture of the bank's Web site, and posted the image at a different Internet address. The text on the site was altered, and it urged customers to log into the system with their passwords in order to participate in the contest. André Chapleau, a spokesman with Desjardins, said he immediately knew something unusual was afoot after customers reported they were receiving e-mails in English from the Montreal-based financial services co-operative. "We had about 10 or 12 calls from our members who were first of all surprised that they had received an English e-mail from Desjardins," he said. "To start with, it was a little boo-boo from the hoaxers." Mr. Chapleau said Desjardins traced the e-mails to a server in Pennsylvania on Wednesday, and had the site shut down. The phony site resurfaced a few hours later, but was taken off line for good that evening. As far as Desjardins is aware, none of its customers gave up their passwords to the hackers, although the bank is still probing the matter. Both banks, meanwhile, insisted it is safe for customers to continue with their on-line banking, so long as they access the Web sites the way they normally do: by punching in the Internet address. "It's still safe to bank on-line," said Mr. Blair, who suggested banking customers should get in the habit of changing their passwords frequently as a security measure. "Any on-line banking customers should be vigilant when receiving an e-mail claiming to be from their financial institution," Mr. Marsh added.