New banking assault clubs date theft, Trojan infection and phishing

In a new attack mode, cyber-criminals have clubbed 3 tactics together viz. stealing credentials, planting banker Trojans and phishing victims off their credit card information. The attack campaign, which uses more and more advanced malware, aims at Austrian bank accountholders.

Specifically according to Proofpoint, the latest striker combines credit card info and credential phishing and adds to it banker Trojans, while aims attack on Android owners who're as well clients of major Austrian banks. Such an attack scheme is going on since January, affecting nearly 20,000 consumers.

During the so-called attack, the first stage is sending phishing e-mails that contain one bit.ly link for diverting end-users onto a fraudulent website of Bank of Austria. Once on the fake site, the potential victim is asked for feeding his banking login details along with his phone number and e-mail id. Techrepublic.com posted this, November 6, 2017.

The above mentioned details easily enable the attackers for moving ahead by applying social engineering tactics for carrying out the second attack phase. Based on the stolen details, cyber-criminals then dispatch a warning e-mail with the Bank Austria brand that informs the victim he should install the "Bank Austria Security App" on his smart-phone which's not there.

The e-mail asserts that as per the EU guidelines of money laundering, customers must have the latest application of Bank Austria while if they don't install it the result will be blocking of their accounts. After this warning, the potential victim is diverted onto one shortened URL which by following would let the application's loading, the message claims.

It's advised that banking business owners as well as consumers utilizing Android phones for doing banking transactions online exercise caution while choosing web-links for clicking or attachments for downloading. They must be careful with unexpected e-mails, URLs as well as applications, particularly those that direct for changing configurations, alternatively those that direct to give plentiful user information else too many consents.

Security officials taking care of banking facilities accessible from Android devices, no matter where the consumers are, require being wary of online threats so they can act for their prevention.

» SPAMfighter News - 11/13/2017