US Sheriff joins Australian phishing attack

Online criminals have apparently hacked into the Web site of a US sheriff and are using it to host a fake Commonwealth Bank login page in an online scam.

The login page, hosted on the Lake County Sheriff's Office Web site, is linked to a phishing scam. An e-mail arrived in the inbox of a ZDNet Australia tipster encouraging him to click on a link to the bogus Web site, hosted on the sheriff's server, and re-enter his Commonwealth Internet banking login and password.

Lake County Sheriff Chris Daniels was unavailable to comment due to time zone differences. A Commonwealth Bank representative was also unavailable for comment at the time of writing.

Online fraudsters are known to attack legitimate Web servers in order to stealthily host Web content and scripts used in scams. Web sites owned by Sarajevo Airport, Samsung and even the University of New South Wales have been involved in recent scams.

Yesterday, ZDNet Australia reported a phishing attack that directed victims to a hijacked section of the Sarajevo Airport Web site.

Earlier this month, a Samsung-owned Web site in the US was hosting Trojan horse software. While in August, The School of Media, Film and Theatre at the University of NSW admitted one of its Mac servers had been compromised and used to host a potentially malicious file, which was disguised as a Microsoft security patch.