Bogus money transfer notice leads to theft of online banking credentials

Symantec researchers have recently spotted an email phishing campaign impersonating the accounting department of a random firm.

“Dear Sir,” says the email, “We have been advised by our customer to wire $36,430 of the agreed pending transaction. Kindly confirm with your bank if you have received the money in your account. Attached copy of bank slip.”

For good measure, the spammers put the request “confirm this now!!!” in the subject line.

Users who fall for the trick and download and open the attached HTML file are shown a very faint image of a payment order:

But before they can even check what this order has to do with them, it disappears and they are faced with a message that informs them that they have been signed out of their email accounts and that they have to sign in again to view the order.

“On clicking the only optional button, users are shown a website that resembles a well-known bank login page. If users input their bank credentials or their email address on this page, their information is sent to the scammers and may be used for nefarious purposes,” the researchers warn.

Scammers and phishers know that creating a sense of urgency and fear is the best way to trick inexperienced users into behaving as they usually would not, so they employ it heavily and often. Users are advised to never follow links or open attachments from emails that they aren’t absolutely sure to be legitimate.