FBI Cautions Netizens about Fresh Phishing Scam

As the vacation arrives in USA and people get busy with online-shopping, the Cyber Squad of FBI has issued an alert to citizens to watch out for one fresh spear phishing scam. Northcountrygazette.org published this on November 25, 2011.

It's reported that to spread a Zeus Trojan variant -"Gameover" is the objective of the scam. The e-mails involved, pose as lawful messages that NACHA (National Automated Clearing House Association) supposedly sent. Alternatively, they pose as messages from the Electronic Payments Association (EPA) that looks after ACH network's governance while the latter handles e-transfer-of-funds within USA. The phishing e-mail tells the recipient that a problem had occurred when the ACH was trying to process a transaction at his account with bank that, eventually, couldn't be completed.

However, the e-mail provides a web-link, which if clicked, results in the Gameover malware to infect the user's PC. The Trojan, by recording the keystrokes of the user, actually captures his Internet-banking credentials.

Meanwhile, following the hijack of the user's financial account, the cyber-thieves carry out one distributed denial-of-service assault against the bank where the user holds an account. Security researchers believe the scammers utilize the assault for diverting focus off wire-transfers and also for disabling the banks from undoing the transactions incase seen.

One resident of USA's Boise (Idaho) even contacted police following his getting twin e-mails that told him the same problem regarding ACH's processing of transaction, and he opened the e-mails' web-links. Idahostatesman.com published this dated November 29, 2011.

In the meantime, one of the above e-mails dispatched to the work e-mail of a reporter of Idaho Statesman stated that it was an EPA message, according to which, one ACH wire-transfer couldn't be accepted. Thereafter, it asked the recipient to see a given web-link for learning further about the event. The web-link, incidentally, pointed to one MS Word file. Thenewstribune.com published this dated November 15, 2011.

Now, the FBI, following the above happenings, has urged consumers for exercising caution regarding e-mails that aren't from known senders. Still, if anyone becomes victimized with the scam, he should complain at www.ic3.gov for the U.S Internet Crime Complaint Center.

Related article: FBI’s ICCC Annual Report Discusses Fraudulent and Non-Fraudulent Complaints

» SPAMfighter News - 12/6/2011