Hacked Sony Thailand website hosted a credit card phishing scam

As Sony works to restore its online PlayStation Network to full functionality and win back frustrated customers with free games, a new web-oriented scam completely unrelated to the company's previous run-ins with hackers has been found.

ADVERTISEMENT

Based on findings by computer security company F-Secure, The Washington Post reported on Friday that Sony Thailand's home page was utilized as part of a phishing scheme aimed at Italian credit card company, CartaSi.

"We know you're not supposed to kick somebody when they're already down, but we just found a live phishing site running on one of Sony's servers," said F-Secure in a blog entry.

Surprisingly, this isn't the first time the Italian credit card provider has been targeted.

ADVERTISEMENT

Earlier this year, it was discovered that botnets were sending out fraudulent emails in an attempt to glean information from CartaSi customers. Fake offers were extended, and those who tried to take advantage were taken advantage of: a spoofed homepage would steal personal information as unwitting victims willingly offered it.

F-Secure stated that it has notified Sony of the issue, adding that "the server is probably not very important."

Mikko Hypponen, F-Secure's chief research officer who discovered the scam, discussed it with ZDNet.

ADVERTISEMENT

"The phishers are looking for credit card details and logins," he told the site, adding that in light of the recent bad publicity regarding the separate PSN hacking and subsequent three-week long outage this new incident was "just bad luck and bad timing" for Sony.

Just this week Sony disabled the web-based password reset option for PSN account holders after an exploit was discovered that allowed unscrupulous hackers to access and change legitimate users' PSN ID passwords.

Sony has yet to comment on the matter. This post will be updated if the company releases an official statement.

No posts to display