Attackers impersonate bank emails to cash in on post-Equifax fears
In the wake of the recent breach at credit agency Equifax, it's only natural that people are keeping a close eye on their bank statements and credit reports.
Of course, the bad guys know this too, and a new report by Barracuda Networks looks at an email attack that impersonates a 'secure message' from financial institutions.
Emails appearing to come from legitimate organizations like Bank of America instruct the recipients to either download an attached document or reply to the sender. The criminals behind the messages appear to be targeting mainly private banking clients, as they are high value and already trust intimate communications from their banks.
Criminals also like the fact that targets must be connected to the internet to act on these messages, because the message is viewed in a web portal, which leaves them vulnerable to downloading malicious content.
There are variations in the scam. In some instances, messages have an attached Word document containing a malicious script that will rewrite the files in the users' directory on Windows machines. Depending on the script in the attachment, typical anti-virus software may miss the threat altogether, because the Word documents contained in these messages could be benign and allowed to be downloaded or opened when they're first received. However, once they are downloaded, criminals have access and can update the script at a later date to something more malicious, such as installing a form of ransomware or any other threat the attackers want to use at that time.
"Ultimately, criminals are registering domains that appear like a legitimate bank domain, and they go unnoticed because recipients either don't know what to look out for or because most email clients only show the sender's name and not the full domain," says Fleming Shi, senior vice president of technology at Barracuda. "Criminals use this tactic to entice recipients into opening and acting on emails, but it can be easily spotted by trained users. Sadly, these threats are exploiting the trust between banks and their customers."
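The check a trained user does by eye can also be run at the mail gateway. The following is an added example, not code from Barracuda or from the report: it flags a `From:` header whose display name claims a bank the domain does not belong to, or whose domain imitates the bank's. The allowlist, the similarity threshold, the function name and the sample headers are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: defender-maintained map of brand name -> domains it really sends from.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}
LOOKALIKE_RATIO = 0.8  # assumed similarity threshold; tune on your own mail

def _norm(text):
    """Lower-case and keep only letters and digits so spacing and hyphens don't hide a match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def classify_sender(from_header):
    """Return the set of findings for one From: header value (empty set = nothing flagged).

    The From: header itself can be forged, so this complements SPF/DKIM/DMARC
    results rather than replacing them.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return {"unparseable"}
    findings = set()
    for brand, legit in BRAND_DOMAINS.items():
        if any(domain == d or domain.endswith("." + d) for d in legit):
            return set()  # the brand's own domain or a subdomain of it
        # The display name is all many mail clients show; compare it to the domain.
        if _norm(brand) in _norm(display):
            findings.add("display-name-mismatch")
        # Everything left of the final label, so "brand.com.other.tld" is caught too.
        labels = _norm(domain.rsplit(".", 1)[0])
        for d in legit:
            target = _norm(d.rsplit(".", 1)[0])
            close = SequenceMatcher(None, labels, target).ratio() >= LOOKALIKE_RATIO
            if target in labels or close:
                findings.add("lookalike-domain")
    return findings

# Constructed sample headers (the .example TLD is reserved for documentation).
SAMPLES = [
    "Bank of America <secure@bankofamerica.com>",
    "Bank of America Secure Message <notice@bankofamerica-securemail.example>",
    "Private Banking <alerts@bankofamerrica.example>",
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(sorted(classify_sender(header)) or ["ok"], header)
```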
You can find out more about the attacks and how to protect yourself on the Barracuda blog.