Bogus money transfer notice leads to theft of online banking credentials
Posted on 11 February 2013.
Symantec researchers have recently spotted an email phishing campaign impersonating the accounting department of a random firm.

"Dear Sir," says the email, "We have been advised by our customer to wire $36,430 of the agreed pending transaction. Kindly confirm with your bank if you have received the money in your account. Attached copy of bank slip."

For good measure, the spammers put the request "confirm this now!!!" in the subject line.

Users who fall for the trick and download and open the attached HTML file are shown a very faint image of a payment order:

But before they can even check what this order has to do with them, it disappears and they are faced with a message that informs them that they have been signed out of their email accounts and that they have to sign in again to view the order.

"On clicking the only optional button, users are shown a website that resembles a well-known bank login page. If users input their bank credentials or their email address on this page, their information is sent to the scammers and may be used for nefarious purposes," the researchers warn.

Scammers and phishers know that creating a sense of urgency and fear is the best way to trick inexperienced users into behaving as they usually would not, so they employ it heavily and often. Users are advised to never follow links or open attachments from emails that they aren't absolutely sure to be legitimate.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Feb 9th