Phishing E-mails Aim At Brazilian Users: Kaspersky
According to Kaspersky, the security company, a fresh and maliciously persuading phishing e-mail campaign, which poses to send messages from a very large Brazilian bank, is entering the inboxes of that country's inhabitants after utilizing stolen identities which give an authentic impression to the fake e-mails.
Highlights Kaspersky, the phishing messages seem as though they are from Banco Itau a Brazilian bank, while their message body displays the recipient's full name along with his Natural Persons Register (CPF), which corresponds to a Social Security Number (SSN) the Brazilian government uses to recognize every civilian.
Further, the e-mail informs that the recipient must necessarily update so as to install the iToken secure validation tool. But, the web-link for downloading the so-called fresh iToken 1.3 takes the user onto a page that delivers a malevolent .exe file, which in turn installs a banking Trojan that steals credentials for users' Internet banking along with their other confidential details.
Kaspersky has identified this Trojan as Trojan-Downloader.Win32.Delf.agkm.
Moreover, the company's security researchers observe that it is extremely common to have phishing attacks and banking trojans in Brazil; however, the current phishing scam comes out prominent with the utilization of actual CPF codes.
The company observes that just like across the U.S, in Brazil too, secret CPF codes are being used as a commodity with small as well as big-sized data hacks along with leakage of sensitive confidential information at play. By adding the CPF code and username of a victim to his e-mail id, phishers create persuasive attack e-mails as well as fake websites. This sort of targeted assault called "spear phishing" is frequently carried out for attacking precious entities.
Furthermore, Kaspersky emphasizes that anyone in Brazil can obtain deceptively captured personal information without any difficulty whatsoever. Compact disks having CPF codes and names are available for sale on Internet forums and auction websites for some $190 or so.
In the end, phishing scam exploiting actual information and targeting Brazilian citizens isn't anything new. During 2009, a major airline company's customers were victimized in a phishing assault that utilized their rewards scheme number and actual names.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 15-11-2010