Sony Web hackers phish for card numbers

Cybercriminals have hacked pages of the US Sony PlayStation Web site, leaving gamers open to malware infection and tricking them into handing over their card account details.

  0 Be the first to comment

Sony Web hackers phish for card numbers

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

IT security outfit Sophso says hackers used a SQL injection attack to plant unauthorised code on pages promoting the PlayStation games "SingStar Pop" and "God of War".

The code runs a fake anti-virus scan, telling surfers that their computer is infected with viruses and Trojan horses.

The fraudsters then encourage victims to to enter their credit card details to buy a bogus security product.

The Sony site - which has now been fixed - is just one of many targeted by the attack, with over a million pages affected, says Sophos.

Others hit by the SQL injection attack include Brazilian and Chinese government sites, the South African Flooring company, a pond supply firm in Canada and a liquor store in Massachusetts.

Sophos also warns that whilst the attack currently just tries to dupe surfers into buying worthless software, hackers could easily alter the payload so that it becomes more malicious and install code designed to turn Windows PCs into a botnet or to harvest confidential information.

Graham Cluley, senior technology consultant, Sophos, says: "If users do not have sufficient protection in place then they might find that before they know it they have been scared into handing their credit card details over to a bunch of cybercriminals."

Sponsored [On-Demand Webinar] Solving the KYC challenge with end-to-end processes

Related Company

Keywords

Comments: (0)

[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming MandatesFinextra Promoted[Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates