Phishing Scam Targets USAA Customers
According to Gary Warner, Director of Research in Computer Forensics at the University of Alabama at Birmingham (UAB) in the U.S., an infamous cyber-criminal group named Avalanche is running an advanced phishing campaign in which the e-mails pose as messages from the United Services Automobile Association (USAA).
USAA is one of the Fortune 500 financial services enterprises, providing insurance, investment and banking to families or individuals who served or still serve in the U.S. military.
Describing the campaign, Warner pointed out that the fraudulent e-mails displayed headers such as "Automatic reminder," "Automatic notification," "important instructions," "important banking mail from USAA - Ref No. 911592," "instructions for customer," "information from USAA customer service," and many more. Garwarner.blogspot.com reported this on November 1, 2010.
The fraudulent message, addressed to USAA customers, reportedly notifies the recipient that the Association has introduced another edition of the USAA Confirmation Form, which every USAA customer needs to fill out. It then asks the recipient to click a button that apparently leads to the form.
However, the button, named "Access USAA Conformation Form," doesn't take the user to the phishing website straight away.
Instead, numerous redirect links are used, several of which were created via URL-shortening services such as tinyurl.com, thesurl.com, migre.me and j.mp. Additionally, the phisher seems to have created around 290 '.tk' domains with the help of the service for setting up genuine-appearing domain names that divert to the phishing websites.
Warner highlights that the 'USAA Confirmation Form' is actually hosted on haphazardly produced hostnames under the web domain "vsdfile.ru".
He also notes that although almost none of the spam mails originate in the USA, nearly every URL inside the messages belongs to the USA.
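The redirect pattern Warner describes can be checked for in a mail body before anyone clicks. The following is an added example, not code from Warner or from this article: it extracts the links from an HTML message and flags the shortener hosts, '.tk' domains and vsdfile.ru hostnames named above. The function names and the sample message (including its hostnames and paths) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators named in the article; everything else below is constructed.
SHORTENERS = {"tinyurl.com", "thesurl.com", "migre.me", "j.mp"}
PHISH_HOST_DOMAIN = "vsdfile.ru"


class LinkExtractor(HTMLParser):
    """Collect the href of every <a> tag in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.links.append(dict(attrs)["href"])


def classify(url):
    """Return the article-derived reason a link is suspicious, or None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in SHORTENERS or any(host.endswith("." + s) for s in SHORTENERS):
        return "url-shortener redirect"
    if host.endswith(".tk"):
        return ".tk redirect domain"
    if host == PHISH_HOST_DOMAIN or host.endswith("." + PHISH_HOST_DOMAIN):
        return "hostname under vsdfile.ru"
    return None


def scan_mail(html_body):
    """Map each flagged link in the body to the reason it was flagged."""
    parser = LinkExtractor()
    parser.feed(html_body)
    return {u: r for u in parser.links if (r := classify(u))}


# Constructed sample body: hostnames and paths are made up for this example.
SAMPLE = """
<a href="http://j.mp/EXAMPLE1">Access USAA Conformation Form</a>
<a href="http://example-redirect.tk/go">form</a>
<a href="http://qx7rk2.vsdfile.ru/usaa/">form</a>
<a href="https://www.usaa.com/">USAA home</a>
"""

if __name__ == "__main__":
    for url, reason in scan_mail(SAMPLE).items():
        print(f"{reason:28} {url}")
```

A shortener or '.tk' link is not malicious by itself; the match only marks the message for review, since these indicators come from this one campaign.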
Finally, to stay safe from the phishing campaign, USAA clients are advised not to click the link provided in the e-mail to access the site. They should also immediately delete unsolicited e-mails, even if the messages appear to be sent by reputable organizations like USAA, and they must ensure that their security software is up to date.
» SPAMfighter News - 10-11-2010