Phish Bait:   SunTrust bank customers.

Example:   [Collected on the Internet, 2004]


Origins:   This phishing scheme was disseminated by e-mail in October 2004 and directed at customers of SunTrust bank. It differed from ordinary phishing schemes in that clicking on the link provided didn’t take the user directly to a bogus SunTrust Bank web site; instead, the code launched a browser in the background which displayed the real SunTrust web site while popping up a phony “confirmation” screen in the foreground:


Users who entered personal information such as their ATM card numbers and PINs into this counterfeit form transmitted that sensitive data not to SunTrust Bank, but to scammers based in Russia.

Last updated:   5 October 2004