Bogus money transfer notice leads to theft of online banking credentials
Posted on 11 February 2013.
Symantec researchers have recently spotted an email phishing campaign impersonating the accounting department of a random firm.

"Dear Sir," says the email, "We have been advised by our customer to wire $36,430 of the agreed pending transaction. Kindly confirm with your bank if you have received the money in your account. Attached copy of bank slip."

For good measure, the spammers put the request "confirm this now!!!" in the subject line.

Users who fall for the trick and download and open the attached HTML file are shown a very faint image of a payment order:


But before they can even check what this order has to do with them, it disappears and they are faced with a message that informs them that they have been signed out of their email accounts and that they have to sign in again to view the order.

"On clicking the only optional button, users are shown a website that resembles a well-known bank login page. If users input their bank credentials or their email address on this page, their information is sent to the scammers and may be used for nefarious purposes," the researchers warn.

Scammers and phishers know that creating a sense of urgency and fear is the best way to trick inexperienced users into behaving as they usually would not, so they employ it heavily and often. Users are advised to never follow links or open attachments from emails that they aren't absolutely sure to be legitimate.









Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //