↓
 

My Online Security

Keep yourself safe online

  • Home
  • Useful Information
    • How to protect yourself and tighten security
      • Phishing and Malware protection in your browser
      • Why you should set your folder options to “show known file types”
      • Login Directly Into Windows Without Entering a Username or Password
      • Using a standard User Account with high UAC settings in Windows
    • Malformed or infected word docs with embedded macro viruses
    • Embedded documents in PDF files that can easily infect you
    • The risks of Social Media
  • Site Information
    • About us
    • Privacy Policy
    • Terms and Conditions of use
  • Malware submission Form
Log in

Tag Archives: HSBC

Post navigation

1 2 3 >>

Fake HSBC payment details delivers Agent Tesla

My Online Security Posted on 6 March 2019 3:01 am by Myonlinesecurity7 March 2019 3:30 am  
office macro malware

A compromised site we saw yesterday delivering Hawkeye keylogger /Infostealer is being used today in an Agent Tesla campaign. I am not 100% positive it is the same bad actors involved but the distribution method, Sites and hosting companies  involved in sending the emails,  together with the email template style  ( the way they use the recipient’s email address in the subject line )   suggests it probably is. However whoever is actually sending these today are not making the same careless or stupid mistakes that we have been seeing recently with the hawkeye campaigns. They are using email addresses and … Continue reading →

Posted in Malware, Spam | Tagged agent tesla, CVE 2017-11882, HSBC, malware, Microsoft Equation Editor exploits, scam, spam | Leave a reply

Fake HSBC “FW: Account Review” delivers Trickbot

My Online Security Posted on 5 November 2018 1:17 pm by Myonlinesecurity6 November 2018 8:33 am  
Fake HSBC website

We are back to a more complicated or involved Trickbot download campaign today with links in the email to download the XLS file instead of attachments. This malware campaign delivery method was first mentioned on 22 October 2018 when I missed the onslaught.   These do tend to have a much shorter “shelf life” or campaign duration than the more usual office file attachment version, sometimes only between a few minutes and 2 or 3 hours, but in that very short period of time hundreds if not thousands of victims can still be infected. This is because it is much easier … Continue reading →

Posted in macro virus, Malware, Scam, Spam | Tagged HSBC, Macro, malware, scam, spam, Trickbot | Leave a reply

Fake HSBC “Are all above transactions recognisable to you” delivers malware

My Online Security Posted on 1 November 2018 3:18 pm by Myonlinesecurity1 November 2018 3:18 pm  
Fake HSBC email

I haven’t seen Dridex banking trojan hitting the UK in absolutely ages. In fact I can’t remember when I last saw one. This is detected as Dridex by some VirusTotal detections but online sandbox analysis aren’t showing typical Dridex SSl connections, so I am not sure exactly what this is. Update: I am informed reliably that it is Gozi/ Ursnif Banking trojan An email with the subject of  “Are all above transactions recognisable to you”  pretending to come from   HSBC Protection Support but actually coming from mail@rockinghamdental.com  with a link in the email body going to https://rockinghamdental.com/main.php?YHKeGpEamn4XDDA45X%2FX58xslDwVkwOIlhvoXlCIsjs1oacGQ6f7%2Ffq5ljqjDQvnt45QJjDuum5wJUNrVDOXq5rfskJnM3a6ZYlmYvi8zZevaVtFLU8q5y5Mb%2FFv4XrwoosR0%2BY%2BzdzN6fdoJC6Mr9eo4lDT0NfeTQbMd5oNiC0Wjpvlcm2c5HNvNMOufQ7dPcFrZf8I%2FeC4Sz%2BXQpnHLOZquT4FT9FyLQas1%2BbjXo8%3D  where a file is downloaded. Transaction_Log.exe … Continue reading →

Posted in Malware, Scam, Spam | Tagged dridex, HSBC, malware | Leave a reply

Trickbot via Fake HSBC “Incoming high value CHAPS payments” emails

My Online Security Posted on 4 October 2018 1:15 pm by Myonlinesecurity4 October 2018 1:15 pm 2

This example is an email containing the subject of “Incoming high value CHAPS payments” pretending to come from HSBC but actually coming from “Olivia.Brown@hsbcemail.net” which is a look-a-like,  typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site,  with a malicious word doc attachment  is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan There is something different about the network connections being shown in the Anyrun report today. It looks like Trickbot might have updated with new modules  and injects. You can now submit suspicious sites, emails and files via … Continue reading →

Posted in macro virus, Malware, Spam | Tagged HSBC, Macro, malware, scam, spam, Trickbot | 2 Replies

Trickbot delivered via Fake HSBC Payment Advice using activeX controls in word macros

My Online Security Posted on 29 August 2018 12:33 pm by Myonlinesecurity29 August 2018 12:33 pm  

Another pretty lame email from the Trickbot gang again today. Some days I really don’t understand this gang of criminals. They go to the bother of registering various look a like domains to send the emails from, so they might stand a better chance of fooling recipients.  They then create very effective macro enabled word docs using all sorts of tricks to avoid detection & install on the victim’s computer.  Then they go and send a stupidly lame email with no proper body content that absolutely screams this is a scam do not open me or do anything. The body … Continue reading →

Posted in macro virus, Malware, Scam, Spam | Tagged HSBC, Macro, malware, scam, spam, Trickbot | Leave a reply

Fake HSBC “Important : Troubles processing BACs payment ” delivers Trickbot

My Online Security Posted on 26 July 2018 2:44 pm by Myonlinesecurity26 July 2018 2:44 pm  

This example is an email containing the subject of “I have securely shared file(s) with you” pretending to come from HSBC  but actually coming from “James.Holand@hsbcbacs.co.uk” which is a look-a-like,  typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site,  with a malicious word doc attachment  is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan You can now submit suspicious sites, emails and files via our Submissions system Email Details From: HSBC <James.Holand@hsbcbacs.co.uk> Date: Thu 26/07/2018 13:57 Subject: Important : Troubles processing BACs payment Attachment: BACs.doc Body content: Good Morning, … Continue reading →

Posted in macro virus, Malware, Scam, Spam | Tagged bacs documents, HSBC, Macro, malware, scam, spam, Trickbot | Leave a reply

Fake HSBC Payment Advice delivers Trickbot via equation editor exploits

My Online Security Posted on 30 April 2018 12:56 pm by Myonlinesecurity30 April 2018 12:56 pm  
office macro malware

This example is an email containing the subject of “Payment Advice ” pretending to come from HSBC UK but actually coming from a look-a-like or typo-squatted domain “noreply@hsbc-paymentadvice.co.uk” or “noreply@hsbcpaymentadvice.co.uk” with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan This version is probably using Threadkit which is an office doc exploit builder using the Microsoft Equation Editor Exploits CVE-2017-11882 and/or CVE-2017-8570 and other office exploits instead of Macros. I understand that one of the exploits being used possibly uses an exploit in Adobe flash that when run crashes word … Continue reading →

Posted in Malware, Scam, Spam | Tagged CVE 2017-11882, HSBC, malware, Microsoft Equation Editor exploits, spam, Trickbot | Leave a reply

Hawkeye Keylogger via Fake Pending Balance////// HSBC SWIFT COPY malspam

My Online Security Posted on 24 April 2018 9:22 am by Myonlinesecurity24 April 2018 9:22 am  

An email with the subject of   Pending Balance////// HSBC SWIFT COPY pretending to come from Zomosun Accountant <wgsss@sss.com.pk>   with a zip attachment  which contains Hawkeye Keylogger  ISRstealer Update: I am informed it is iSRstealer not Hawkeye keylogger They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. You can now submit suspicious sites, emails and files via our Submissions system swift message HSBC—23-04-2018.SCAN.gz.zip : Extracts to:   swift … Continue reading →

Posted in EXE-in-ZIP, Malware, Scam, Spam | Tagged hawkeye keylogger, HSBC, malware, Ransomware, scam, spam, swift copy | Leave a reply

Fake HSBC Your HSBC application documents delivers Trickbot via Microsoft Equation Editor Exploits

My Online Security Posted on 17 April 2018 1:37 pm by Myonlinesecurity17 April 2018 1:37 pm 2
office macro malware

This example is an email containing the subject of “FW: Your HSBC application documents ” pretending to come from HSBC but actually coming from a look-a-like or typo-squatted domain “Luke.Gray@hsbcmail.co.uk” or “Luke.Gray@business-hsbc.co.uk” with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan They have also continued with changed behaviour we first saw last Tuesday by downloading .bin files instead of fake .png files. This version is probably using Threadkit which is an office doc exploit builder using the Microsoft Equation Editor Exploits CVE-2017-11882 and CVE-2017-8570 and other office … Continue reading →

Posted in Malware, Scam, Spam | Tagged HSBC, malware, Microsoft Equation Editor exploits, scam, spam, Trickbot | 2 Replies

Fake HSBC USA SWIFT Transfer (103) 37B2308302 delivers Pony- Fareit trojan

My Online Security Posted on 9 April 2018 12:13 pm by Myonlinesecurity9 April 2018 12:13 pm  

An email with the subject of  SWIFT Transfer (103) 37B2308302 pretending to come from HSBC Bank USA   with a zip attachment  which contains another version of the new pony /fareit trojan that needs user interaction before it does anything. Just running this malware on a computer does nothing initially. It sleeps until you perform some actions like opening a folder or starting a program. Then it springs into life and starts to steal all your information. This email has a .arj attachment ( a sort of zip file ) that extracts to a .exe. ARJ files don’t natively open in … Continue reading →

Posted in EXE-in-ZIP, Malware, Scam, Spam | Tagged Bank, fareit, HSBC, malware, pony, scam, spam | Leave a reply

Post navigation

1 2 3 >>




Search this Site

Have you found something bad or suspicious? Do your bit to help!

Report malicious links to:
  •  Google report malware Safebrowsing
Report phishing links to:
  •  Phishtank
  • Google Safebrowsing
  • Netcraft Anti-Phishing
  • ESET Anti-Phishing
  • Gdata
  • Action Fraud
Find What Ransomware:
  • ID Ransomware

Follow me on Twitter

My Tweets

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 16,514 other subscribers.

Archives

Categories

useful links

  • Action Fraud
  • Dynamoo's Blog
  • Eset Online Scanner
  • Graham Cluley
  • Kaspersky security news
  • Krebs on Security
  • malwareBytes Blog
  • Microsoft Security page
  • Security Garden
  • System Lookup
  • Tech Support Guy
  • We Live Security, ESET blog

Admin

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Contact: security@myonlinesecurity.co.uk | Most screenshots in blog posts have been created using SnagIt Screen Capture Software
©2019 - My Online Security - Weaver Xtreme Theme Privacy Policy
↑
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Reject Read More
Privacy & Cookies Policy

Necessary Always Enabled