Commbank attacked by instant phishers

Commonwealth Bank customers have been targeted by phishers in a scam that delivers a clever social engineering lure over the instant messaging application ICQ.

Charles Heunemann, general manager for Internet security specialist SurfControl, told ZDNet Australia that earlier this week, researchers from the company noticed suspicious job offers being sent to ICQ members that were based in Australia.

"We set up an ICQ account and in a very short space of time the threat analysis team started getting job offers -- they were saying you needed to have a Commonwealth Bank account," said Heunemann.

Heunemann said that because ICQ is one of the oldest instant messaging applications, it still has a large user base, and cybercriminals are most likely using automated bots to search through users' membership details to find potential victims.

"When you register for ICQ you tend to tell them your country. If you want to target Australian banking customers then you are probably going to need some kind of automatic technology to identify them and then get those messages out," he said.

The text of the attack is as follows:

172-648-577 (09:37 AM) :
Dear Sir or Madam

A French LaserMetalSooftware (sic) Company is offering a decent home-based job. No experience needed.

Our requirements:
1. You should be the resident of Australia
2. You should have a CommBank account.
3. You should be able to check your email and icq during the day.

If you have any question please contact our HR ICQ: 225152354

Faithfully yours

Jacques Thibaux

The Commonwealth Bank did not respond to repeated requests for comment.

Phishing is a global phenomenon but Australian organisations are increasingly being targeted by criminals.

Earlier this week, online job site Seek was hit by an e-mail-based phishing campaign that attempted to gather confidential details from advertisers.

While speaking at an ID Management conference in Sydney earlier this month, Attorney-General Philip Ruddock said phishers often use the details collected from these attacks to steal the victims' identities, which could have a "devastating emotional and financial impact".

SurfControl's Heunemann said combined instant messenger and phishing attacks are likely to increase: "Spam through ICQ is not new and neither is phishing but a combination of the two is new and I think this is another thing we are going to see more of".

Talkback (1 comment)

    Money laundering not phishing Anonymous -- 24/03/06 (in reply to #120131554)

    Small correction here. It isn't a phishing attack but is very much related.

    This is the second, less well known, part of phishing scams. The money mule systems used to launder the money from the accounts already compromised by phishing scams/trojans.

    Most Australian banks don't allow overseas transfers via their netbanking interfaces. This leaves a problem that the phishers who are usually outside of Australia can't transfer the money out.

    So they recruit people to act as money mules. People are suckered in by easy jobs that allow them to make quite a lot of money for doing not a lot. The standard procedure for these scams is:

    1) You're asked to either have or set up an account with a bank where the phishers have already exploited accounts

    2) The phishers then transfer a considerable amount of money (usually under 10 grand in most cases to defeat certain automatic policies most banks have) to your account

    3) They then request that you withdraw this money minus a percent "wage" amount and send it via a wire service such as Moneygram or Western Union to an overseas location - usually in Eastern Europe

    In this way the money is nicely laundered. When the money is traced the money mule is the one left holding the bag - they usually have their accounts frozen whilst investigations are carried out and they certainly don't get to keep their "wage".

    If you have become embroiled in this, or any other scam like it, please contact the fraud department of your bank ASAP.
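The three-step mule pattern the commenter describes (inbound transfer kept under a reporting threshold, followed within days by a cash withdrawal or wire for the amount minus a "wage" cut) is something a bank's fraud team can screen for. The following is an added example, not code from the article, the commenter, or any bank; the ledger, the 10,000 ceiling, the 3-day window and the 5-20% wage range are all constructed assumptions.

```python
from datetime import date

# Constructed sample ledger for one account, sorted by date (assumed layout):
# (date, direction, channel, counterparty, amount_aud)
LEDGER = [
    (date(2006, 3, 20), "in",  "transfer", "AU-victim-001",       8500.00),
    (date(2006, 3, 21), "out", "wire",     "money-transfer/EE",   7650.00),
    (date(2006, 3, 22), "in",  "salary",   "employer",            2100.00),
    (date(2006, 3, 27), "in",  "transfer", "AU-victim-002",       9400.00),
    (date(2006, 3, 27), "out", "cash",     "ATM",                 8460.00),
]

STRUCTURING_CEILING = 10000.0   # assumed: the "under 10 grand" ceiling from the comment
MAX_DAYS = 3                    # assumed: mules are told to move the money quickly
WAGE_RANGE = (0.05, 0.20)       # assumed: fraction the mule is told to keep

def find_mule_patterns(ledger, ceiling=STRUCTURING_CEILING,
                       max_days=MAX_DAYS, wage_range=WAGE_RANGE):
    """Return inbound-transfer / fast-outbound pairs that look like mule activity."""
    hits = []
    for i, (d_in, direction, channel, src, amt_in) in enumerate(ledger):
        # Step 2 of the scam: a sub-threshold incoming transfer from a third party.
        if direction != "in" or channel != "transfer" or amt_in >= ceiling:
            continue
        for d_out, dir2, ch2, dst, amt_out in ledger[i + 1:]:
            if dir2 != "out" or ch2 not in ("wire", "cash"):
                continue
            if (d_out - d_in).days > max_days:
                break  # ledger is date-ordered, nothing later can match
            # Step 3: the outbound amount is the inbound amount minus a "wage".
            retained = 1.0 - amt_out / amt_in
            if wage_range[0] <= retained <= wage_range[1]:
                hits.append({
                    "inbound_date": d_in, "inbound_from": src, "amount_in": amt_in,
                    "outbound_channel": ch2, "outbound_to": dst, "amount_out": amt_out,
                    "retained_fraction": round(retained, 3),
                })
                break
    return hits

if __name__ == "__main__":
    for hit in find_mule_patterns(LEDGER):
        print(hit)
```

A real screen would also weigh whether the inbound counterparty is a brand-new payer for this account and whether the destination is a known remittance channel, both signals the comment calls out.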
