Sophisticated "Sparkasse" phishing site targets German credit cards

08/17/2012
G DATA Blog

German banks have not been in the focus of phishers lately, because phishing for German online banking log-in details only is no real use for the fraudsters – the transactions are widely secured by two-way-authentication – attackers usually attemp to harm online banking users by the help of sophisticated banking Trojans. Now we see a different approach in this area: credit card phishing, especially aimed at German bank customers.

Looking at a screenshot of this very well designed phishing website, one cannot find any obvious hint for scam. Even all active contents like the stock market charts and advertisements are implemented:
Screenshot of phishing site, attempting to get German credit card details

All links provided lead to the original bank website and a customer would not suspect anything. The site shown above (menu: individuals > accounts & cards > credit card) is the only one that has nothing to do with the original bank's web presence.

Obviously, a click on “Continue” (German: Weiter) will send all user data entered in this form to the fraudsters. The validity of the given credit card number is checked, but only in terms of string length – if one enters a credit card number shorter or longer than 16 digits, an <link file:28664 sparkasse phishing>error occurs. Providing a 16 digit number, the system accepts it and issues a screen saying “<link file:28666 sparkasse phishing>You’ve succeeded!”

Even though we do not yet know the source of the phishing URL, we suspect that users reach this site through a spam campaign in which the fraudsters claim that credit card owners have to activate their credit card or to re-activate the card after maintenance issues.

The German Sparkasse has been informed about this case of phishing.