Romanian Softwin company's data security division BitDefender and the IT experts of the Romanian Commercial Bank (BCR) uncovered early on July 18 a phishing attempt - i.e. an attempt to steal personal data - targeting the owners of cards issued by several Romanian banks, according to Rompres and ING Financial NewsThe method involves an email apparently sent by a bank, a big company or a state institution to its clients, asking them to enter a Web site and re-introduce their personal data (personal numerical code, the bank card and PIN, online payment accounts and their passwords).

In this case, the users got an email message apparently issued by the BCR asking them to enter a special Web page, where they were asked to disclose their card number and PIN and the issuer bank.

The message, while ingenious, has many grammatical mistakes, which indicates the hackers might not be Romanian.

The Web site strives to be convincing, and it features Visa, MasterCard and BCR logos; it also contains a form by which the owner of the card - supposed to be issued by banks like BCR, Ion Tiriac, Alphabank, Carpatica, Transilvania, Eurombank, Citibank and HVB Bank - is invited to disclose his/her personal data.
 
The whole scheme relies on the card owner's fear that money from his/her account might have been spent without his/her knowledge.

In order to prevent possible cyber-attacks, the users are advised not to click on a message link and be careful whenever they receive any kind of messages related to financial activities, apparently sent by the banks, since most banks clearly explain in their policies that they will never send emails asking for personal data.

Phishing causes more than 50 billion dollars in damages worldwide a year.

source