Cyprus’ banks will not SMS you a login link to reactivate your account

Over on the ektagon.com blog we’ve covered global phishing (pronounced ‘fishing’) attacks, normally run through social media or email (how to spot them and why they’re so dangerous), but we’ve picked up a scary variant targeting folks in Cyprus via SMS.

Now, the reason this is more dangerous is that we’ve been trained to distrust short, unexpected emails from people, and so have our parents and their generation. This normally means that mine would forward you around 50 scammy emails a month, but so be it if it keeps their accounts safe.

SMS, however, is still heralded as a ‘safe’ medium. After all, only people you know have your number, right? Folks like your bank, for example. Not so much. Far more people have your number than you’d like to believe.

There are a number of ‘lists of mobile numbers’ available for purchase by marketers on the island, and that’s a whole different kettle of fish, but it appears a group of scammers has got hold of some of these lists and begun attacking our accounts through our pockets.

Ok, so enough with the scary prologue.

What is this phishing attack, how do I spot one, and how do I protect myself?

A phishing attack aims to gather information from you by masking an illegitimate website as one that you trust.

These attacks disguise themselves as mobile versions of specific banks’ websites. According to reports from Dino Pastos (a prominent local information security consultant), the SMS messages are sent out at random and do not target customers of any specific bank, which is a clue that no internal bank database was compromised.

The SMS gives a short message in Greek (at present) saying that your account is blocked/suspended, and includes a link of the form mobile-bankname.com.

Spotting the deception just takes a second of concentration. Instead of linking you to mobile.bankname.com, they’ve replaced the first dot with a dash. Cheeky! (Other alterations can include replacing o’s with 0’s and i’s with l’s.)
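To show how the dot-to-dash and character swaps described above can be caught mechanically, here is a small checker written for this post (it is not code from the ektagon.com blog or from any bank). The bank domain bankname.com, the short second-level-suffix set and the character map are assumptions for the example; it normalises a hostname by undoing the swaps and compares it to the legitimate domain, while still treating a real subdomain of the bank’s registered domain as legitimate.

```python
from urllib.parse import urlparse

# Assumption for this example: the bank's real registered domain.
LEGITIMATE_DOMAINS = {"bankname.com"}

# Swaps the post describes: 0 for o, l for i (dash-for-dot handled separately).
HOMOGLYPHS = str.maketrans({"0": "o", "l": "i"})

# Crude handling of suffixes such as .com.cy; a public-suffix list is the proper tool.
SECOND_LEVEL = {"com", "co", "org", "gov"}


def hostname(url: str) -> str:
    """Lowercase hostname of url; a bare host without a scheme is accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def registrable(host: str) -> str:
    """The part of the host someone actually registered (who controls the name)."""
    labels = host.split(".")
    n = 3 if len(labels) >= 3 and labels[-2] in SECOND_LEVEL else 2
    return ".".join(labels[-n:])


def normalise(host: str) -> str:
    """Undo the cheap tricks: map look-alike characters back and read '-' as '.'."""
    return host.translate(HOMOGLYPHS).replace("-", ".")


def classify(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unknown' for the host in url."""
    host = hostname(url)
    if not host:
        return "unknown"
    # A genuine subdomain of the bank's own registered domain is fine.
    if registrable(host) in LEGITIMATE_DOMAINS:
        return "legitimate"
    norm = normalise(host)
    for real in LEGITIMATE_DOMAINS:
        real_norm = normalise(real)
        # After undoing the swaps it reads like the bank's name: a lookalike.
        if norm == real_norm or norm.endswith("." + real_norm):
            return "lookalike"
    return "unknown"
```

Only the registered domain decides who owns a name, which is why a dash turns a bank’s subdomain into somebody else’s site.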

Once you’ve logged into the fake page, your details are saved and sent to the attackers so they can access your account. From the information we’ve received from Dino, the phishing page then asks you for credit card and personal details to ‘verify’ your account.

With those details they can take over your account, authorise transfers and even buy things online or in foreign countries.

So, long story short: if you receive an unexpected SMS from your bank containing a link, it’s best to just call your branch and ask them about it. Better to look sheepish to your bank than to naively hand over access to your entire account to a cheeky hacker.

Both banks we’ve seen attacks for have been notified and are investigating with the Cyber Crimes division of the Cyprus Police Force.