Phishing E-Mail Scam Attacking Holland’s SNS Bank Identified
According to the researchers from MXLabs a security company, they've just intercepted one phishing e-mail scam that's aiming at customers of SNS a retail bank in The Netherlands.
Bearing the caption, "SNSBANK: Rekening Activeren," the fake electronic mails display a spoofed sender's id such that the e-mails appear as originating from "SNS Bank<email@example.com>". The messages as well show a logo of the Bank, MXLabs highlights.
Addressing the unwitting receiver, the phishing electronic mail apparently notifies him that it wasn't possible for SNS towards validating his account; therefore, he must confirm his account details fast.
Furthermore, an attachment in the e-mail named SNS_RekeningActiveren, on downloading as well as executing reveals an online form that asks the user to complete it with the required confidential information.
And when that's done and submitted, the information instantly gets dispatched to one website hosted in Canada that in large probability is under the control of the criminals operating the scam, MXLabs states in addition.
Moreover, the e-mail's text along with the accompanying web-form uses the Dutch language, suggesting largely that the phishing scam aims at Holland residents. This is an extremely fine instance of phishing attacks, which are craftily created, deserving serious attention.
Meanwhile, the researchers remark that it isn't new to have phishing e-mails carrying file attachments. Indeed, it's one method from amongst several that have been observed surfacing since 2010 so that such e-mails may bypass URL-filters that scan inbound e-mails for malicious content. Even to this day, many separate scams using this method can be found doing the rounds, state the researchers additionally.
And because the above kind of phishing campaigns are so malicious, security specialists suggest owners of e-mail to adopt certain easy security tips. These are: not answering e-mails posing as messages from any banking institution, which asks for personal details similar as within the aforementioned instance; always knowing that a lawful bank will never request its clients for validating personal account information over electronic mail; and e-mail recipients, instead of clicking a web-link given in an e-mail, should always enter the related URL address manually into their web-browsers for accessing the site.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 17-10-2011