Symantec has uncovered a cyber scam duping victims into handing over their financial information using a bogus security guidance web page. The security firm reported uncovering the phishing scam in a blog post on Wednesday. The scam targets its victims using a bogus message masquerading as a security alert from a legitimate, unnamed credit card service provider.
"In March, we discovered a phishing site spoofing a popular credit card services company that asked users for confidential information, allegedly for additional security," wrote Symantec's Mathew Maniyara. The message instructed its victims to disclose sensitive banking information that could be used by the attackers to illegally access their finances.
"The phishing site prompts users through a three-step procedure for activating their card and adding higher security. The first step asks users for personal and card-related information," wrote Maniyara. "The personal information includes the users' name, date of birth, residential address, phone number, and email address. The card information includes name of bank, name on card, card number, expiration date, and card verification code."
Phishing scams and attacks on the financial sector are a growing problem facing the security industry. The attacks range in sophistication, with some targeting the sector with basic, opportunistic phishing messages and others utilising sophisticated malware. Prior to the phishing scam Symantec uncovered an evolved version of the Shylock targeting banks.