Tag: HSBC | My Online Security

Trickbot via Fake HSBC “Incoming high value CHAPS payments” emails

Posted on 4 October 2018 1:15 pm by Myonlinesecurity4 October 2018 1:15 pm 2

This example is an email containing the subject of “Incoming high value CHAPS payments” pretending to come from HSBC but actually coming from “Olivia.Brown@hsbcemail.net” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site, with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan There is something different about the network connections being shown in the Anyrun report today. It looks like Trickbot might have updated with new modules and injects. You can now submit suspicious sites, emails and files via … Continue reading →

Trickbot delivered via Fake HSBC Payment Advice using activeX controls in word macros

Posted on 29 August 2018 12:33 pm by Myonlinesecurity29 August 2018 12:33 pm

Another pretty lame email from the Trickbot gang again today. Some days I really don’t understand this gang of criminals. They go to the bother of registering various look a like domains to send the emails from, so they might stand a better chance of fooling recipients. They then create very effective macro enabled word docs using all sorts of tricks to avoid detection & install on the victim’s computer. Then they go and send a stupidly lame email with no proper body content that absolutely screams this is a scam do not open me or do anything. The body … Continue reading →

Fake HSBC “Important : Troubles processing BACs payment ” delivers Trickbot

Posted on 26 July 2018 2:44 pm by Myonlinesecurity26 July 2018 2:44 pm

This example is an email containing the subject of “I have securely shared file(s) with you” pretending to come from HSBC but actually coming from “James.Holand@hsbcbacs.co.uk” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site, with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan You can now submit suspicious sites, emails and files via our Submissions system Email Details From: HSBC <James.Holand@hsbcbacs.co.uk> Date: Thu 26/07/2018 13:57 Subject: Important : Troubles processing BACs payment Attachment: BACs.doc Body content: Good Morning, … Continue reading →

Fake HSBC Payment Advice delivers Trickbot via equation editor exploits

Posted on 30 April 2018 12:56 pm by Myonlinesecurity30 April 2018 12:56 pm

This example is an email containing the subject of “Payment Advice ” pretending to come from HSBC UK but actually coming from a look-a-like or typo-squatted domain “noreply@hsbc-paymentadvice.co.uk” or “noreply@hsbcpaymentadvice.co.uk” with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan This version is probably using Threadkit which is an office doc exploit builder using the Microsoft Equation Editor Exploits CVE-2017-11882 and/or CVE-2017-8570 and other office exploits instead of Macros. I understand that one of the exploits being used possibly uses an exploit in Adobe flash that when run crashes word … Continue reading →

Hawkeye Keylogger via Fake Pending Balance////// HSBC SWIFT COPY malspam

Posted on 24 April 2018 9:22 am by Myonlinesecurity24 April 2018 9:22 am

An email with the subject of Pending Balance////// HSBC SWIFT COPY pretending to come from Zomosun Accountant <wgsss@sss.com.pk> with a zip attachment which contains Hawkeye Keylogger ISRstealer Update: I am informed it is iSRstealer not Hawkeye keylogger They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. You can now submit suspicious sites, emails and files via our Submissions system swift message HSBC—23-04-2018.SCAN.gz.zip : Extracts to: swift … Continue reading →

Fake HSBC Your HSBC application documents delivers Trickbot via Microsoft Equation Editor Exploits

Posted on 17 April 2018 1:37 pm by Myonlinesecurity17 April 2018 1:37 pm 1

This example is an email containing the subject of “FW: Your HSBC application documents ” pretending to come from HSBC but actually coming from a look-a-like or typo-squatted domain “Luke.Gray@hsbcmail.co.uk” or “Luke.Gray@business-hsbc.co.uk” with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan They have also continued with changed behaviour we first saw last Tuesday by downloading .bin files instead of fake .png files. This version is probably using Threadkit which is an office doc exploit builder using the Microsoft Equation Editor Exploits CVE-2017-11882 and CVE-2017-8570 and other office … Continue reading →

Fake HSBC USA SWIFT Transfer (103) 37B2308302 delivers Pony- Fareit trojan

Posted on 9 April 2018 12:13 pm by Myonlinesecurity9 April 2018 12:13 pm

An email with the subject of SWIFT Transfer (103) 37B2308302 pretending to come from HSBC Bank USA with a zip attachment which contains another version of the new pony /fareit trojan that needs user interaction before it does anything. Just running this malware on a computer does nothing initially. It sleeps until you perform some actions like opening a folder or starting a program. Then it springs into life and starts to steal all your information. This email has a .arj attachment ( a sort of zip file ) that extracts to a .exe. ARJ files don’t natively open in … Continue reading →

My Online Security

Keep yourself safe online

Tag Archives: HSBC