December 28, 2005

Sand Phishing Strikes Saudi Arabia

I predicted that, given the relatively poor attention given to the risks posed by information security and identity theft in the broader Arab world, attacks on Arab banks were inevitable, but writing “told you so” holds no joy. Arab News reports that on Sunday, the Samba Financial Group became the target of a “phishing” attack. An e-mail directed users of Samba Online banking services to proceed to an “authorization page” where they would be assisted in measures to increase their level of security in regard to Samba’s Internet banking transactions. A link in the e-mail led to the site, www.sambaonlineaccess.com, which had been registered on Sunday specifically for use in the attack. At the site, a registration form requested such details as user name, password and national ID number. The intention of the fraud was to steal financial and personal information from Samba customers.

After being notified of the phishing attack, the Internet Services Unit at KACST blocked the URL. As of yesterday afternoon, however, sambaonlineaccess.com was still live and could be accessed by anyone outside of Saudi Arabia. This is of particular concern to Samba customers who may be travelling abroad at this time and who, while accessing their e-mail, might respond to the fraudulent request for information.