Security researchers have discovered a new phishing campaign where hackers are impersonating secure messages from banks and other financial institutions.
Hackers are hiding malicious codes in emails sent to customers of major banks and financial institutions to obtain sensitive details.
Researchers at security firm Barracuda have uncovered a new phishing campaign being conducted by cyber criminals on customers of major banks and other financial institutions.
The hackers in question are impersonating ‘secure messages’ from banks to inject malicious codes on their victims’ devices so as to obtain sensitive personal and financial information about customers. The emails appear very genuine and by creating them, hackers are exploiting the trust between banks and their customers to infect more and more devices.
‘Typically, the type of “secure messages” we’re seeing are received from private banking clients who have stewards assisting with bank transactions, monitoring, or opening encrypted messages. This is appealing to criminals because the targets are of high value and already trust intimate communications from their banks,’ said the researchers.
‘Criminals also like that in order for targets to act on these messages, they need to be connected to the internet because the viewing happens in a web portal, which means that they are now vulnerable to downloading malicious content,’ they added.
Hackers behind the phishing campaign are attaching Word documents to their emails and are asking recipients to download such attachments to view secure and confidential messages from their banks. The emails also contain logos of real banks and feature literature used by such banks on their emails to customers.
According to the researchers, the attachments contain malicious scripts that rewrite files in the users’ directory once opened. These malicious codes are often able to evade anti-virus programmes because the documents could be benign.
Once a recipient downloads and opens a malicious attachment, hackers are able to run the script on the device and gain access to sensitive files and folders. The hackers can also update the script at a later date to download other forms of malware, spyware or ransomware.
To guard against such phishing attacks, Barracuda suggests that users must deploy anti-phishing protection to look for websites or emails that contain malicious code. At the same time, users must always check the domains on emails that are asking them to either share sensitive information or to click on links that may contain harmful malware.