Banking Account Security Warning – Fake PDF Malware

A banking account security warning pretending to come from FRAUD ALERT SYSTEM <k.cooper@fraudalert.com> is another one from the current Zbot runs, which try to drop CryptoLocker, ransomware and loads of other malware on your computer. They use email addresses and subjects that will entice a user to read the email and open the attachment. Many of these bank-themed emails are extremely difficult to distinguish from phishing scams, and the same or almost identical emails are very frequently used over and over. Sometimes they have a link to a fake website where they expect you to give them your details. Other times they contain an HTML file that they want you to click on and enter details into. This time they have a fake PDF file that, if you are unwise enough to open it, would infect your computer and enrol it into the Zeus botnet.

Almost all of these have a password-stealing component, with the aim of stealing your email or FTP (web space) login credentials. Many of them are also designed specifically to steal your Facebook and other social network login details.

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected by this sort of socially engineered malware.

Subjects seen:

  • Important: Unauthorized attempt to access your banking account
  • Banking account security warning
  • Attention! Your credit card is being used

Emails seen:

Dear Sir or Madam,

The banking security system has just registered an external attempt to use your credit card from an unknown location.
In view of the fact that the safety of the credit card account is in danger we strongly recommend you to use the emergency instructions given in the attachments.

To protect users from attacks and fraudulent activities coming from within the banking system itself we need your permission to start the investigation and adjust the security measurements. If the required steps won’t be completed the account will be temporarily suspended and will be available after visiting a local office.

Step-by-step instructions and emergency phone number are in attachments to the email.

Truly yours,

PCI DSS Chief officer

K. Cooper

The banking security system has just registered a rascally attempt to write £174. In view of the fact that the safety of the banking account could have been hacked we strongly recommend you to follow the instructions given in the attachments to the email.

To avoid hacker attacks and fraudulent activities coming from within the banking system itself we need client’s electronic signature to start the investigation and adjust the security measurements. If the required steps won’t be completed your service will be temporarily suspended and money will unavailable until the problem will be solved.

All the necessary information is attached to the email.
Yours sincerely,
PCI DSS Chief officer
K. Cooper

Banking security has just indicated a fraudulent attempt to write £174.
Due to the fact that the safety of your account could have been hacked we strongly recommend you to use the emergency instructions given in the attachments.

To exclude hacker attacks and fraudulent activities accomplished from within the banking system we need user’s electronic signature to adjust the security settings. In case you do not verify your account by electronic signature your service will be temporarily suspended and money will unavailable until the problem will be solved.
All the necessary information is attached to the email.

Yours truly,
PCI DSS Chief officer
K. Cooper

28 March 2014: Fraud alert document 778-1.zip (345kb) extracts to Fraud alert document 778-1.exe. Current VirusTotal detections: 4/51. MALWR Auto Analysis:

This Banking account security warning is another one of the spoofed icon files that, unless you have “show known file extensions” enabled, will look like a proper PDF file instead of the .exe file it really is, making it much more likely that you will accidentally open it and be infected.

All of these emails use social engineering tricks to persuade you to open the attachments that come with the email. It might be a message saying “look at this picture of me I took last night” that appears to come from a friend, or it might be more targeted at somebody who is likely to regularly receive PDF attachments, Word .doc attachments or any other common file that you use every day. Be very careful when unzipping them, make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.
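The same check can be done before anything is unzipped by hand. The following is an added example, not code from this site: it lists the members of every .zip attachment in a raw email and flags any that would execute when opened. The function names, the extension list and the sample message (built from harmless placeholder bytes under the file names reported above) are assumptions made for the illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs on double-click (short, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def flag_zip_members(zip_bytes):
    """Return (member, reason) for each archive member that would run if opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + ext))
            elif not info.is_dir() and zf.open(info).read(2) == b"MZ":
                # Windows PE files start with "MZ" whatever the file is called.
                findings.append((name, "PE header behind a non-executable name"))
    return findings

def scan_message(raw_email):
    """Check every .zip attachment of a raw RFC 5322 message."""
    results = []
    for part in message_from_bytes(raw_email).walk():
        filename = part.get_filename() or ""
        if not filename.lower().endswith(".zip"):
            continue
        try:
            hits = flag_zip_members(part.get_payload(decode=True))
        except (zipfile.BadZipFile, RuntimeError):
            hits = [("", "unreadable or password-protected archive")]
        results += [(filename, member, why) for member, why in hits]
    return results

def build_sample():
    """Constructed sample: placeholder bytes under the file names reported above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fraud alert document 778-1.exe", b"MZ placeholder, not a real binary")
        zf.writestr("notes.txt", b"plain text")
    msg = EmailMessage()
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Fraud alert document 778-1.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check reads the real file name stored in the archive, so the PDF icon embedded in the executable and the Windows extension-hiding setting have no effect on the result.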
