E-mail Scam Targeting BancorpSouth Customers, Warns AppRiver
Security experts from AppRiver the security company are warning customers of Mississippi, USA based BancorpSouth Bank to remain vigilant of dubious e-mails, which pose as coming from the bank.
Using a salutation "Dear Account Holder," the spurious electronic mail reportedly tells the recipient that the password for his Internet banking operations is no longer valid, hence the present notification.
The electronic mail further tells that the recipient should create one fresh password by first accessing the online banking page using BancorpSouth's secure web-link pertaining to 'Expired Passwords' as also typing his temporary password underneath. The message gives the temporary password as nb42xStg765bnk, which, it states, will become obsolete within 24-hrs. Thereafter the e-mail says that the user will get asked for resetting his password.
But, upon following the web-link, the user only gets diverted several times until he lands on one page that harbors the well-known BlackHole attack toolkit.
This kit by successfully exploiting one particular security flaw in Java produces one PC-Trojan to the user, which's capable of intercepting history and cookies, changing the proxy settings for his Web-browser as well as its network configurations, to name some.
Curiously, if the target computer has an active debugger, the kit may even stop working, automatically.
Meanwhile, AppRiver's researchers describe the current e-mail scam as somewhat big wherein the given malevolent web-links are hosted on more than a hundred separate domains. Blogs.appriver.com published this on June 21, 2012.
Oddly, the total potential victims in the BancorpSouth e-mail fraud are fairly less; prompting security officials to contend that the purpose of the cyber-criminals is actually maintaining their techniques related to social engineering "original."
The Bank said it had knowledge of the fraudulent electronic mails in circulation, as is evident from an ongoing scheme for raising awareness.
Moreover, on its website, BancorpSouth has updated that it won't ever request for account details alternatively other personal data over e-mail or phone. Therefore, incase anyone gets a dubious e-mail or telephone call he must avoid responding to it.
However, if anyone has already answered the ongoing fake e-mail, BancorpSouth advises him to contact the bank's Customer Service instantly.
Related article: E-Vote Machines Can Be Infected With Virus
» SPAMfighter News - 02-07-2012