Cybercriminals are sending out phishing emails designed to target the customers of Regions. The fake notifications carry the subject line “Regions Bank Alert: Contact Details Changed,” and they purport to come from email@example.com.
The sample submitted to millersmiles.co.uk reads something like this:
“This email has been sent as a notification that we have initiated a new security procedures to our internet banking for safety online banking purposes.
Your Online Banking Account Phone Numbers and Email Address has been modified, which has made your online access to Internet banking service temporarily limited, due to a conflict between your Logon credentials, and your banking profile informations.”
The link contained in these emails doesn’t point to the official Regions website, but to a hijacked Italian website that’s been set up to host a well-designed phishing page.
On the phishing page, victims are instructed to enter their online banking ID and password. It’s worth noting that all the links from the phishing site point to the real Regions website, probably in an effort to make the fake page more legitimate-looking.
Once the ID and password are entered, internauts are taken to a second page where they’re asked to provide their name, social security number, payment card number and PIN, email address, email password, and security questions/answers.
After the information is handed over, the following message is displayed: “You have successfully completed your Identity verification process. Now you can access your Regions Online Banking System as usual.” Then, victims are redirected to the real Regions website.
The phishing page is still live at the time of writing. However, Google has already flagged it as being malicious.
Even if the phishing pages are designed to accurately mimic the real website, you can always identify them by looking at the URL in the web browser’s address bar. If it’s anything else than regions.com, and if it’s not protected by an SSL certificate, you’re most likely on a phishing site.