Bank Customers Phished
Warnings of a possible attempt by hackers to crack the defenses of Internet bankers have been issued by the experts at SophosLabs. The hackers seem to have mainly targeted the National Australia Bank's (NAB) customers.
The spam messages are disguised as coming from a genuine source, and entice the customers to respond to it. The unwary customers are deceived with e-mail subject lines such as "National Bank Closing and Blocking Accounts without a notice!". spammers usually make use of such intriguing subject lines to attract as many potential targets as possible.
The customers are then directed to click on a link to read more information about the closing of the bank accounts without warning, and to learn how to file a report if they have suffered from this problem. The hackers then infect the customers' computers by exploiting flaws in the Internet Explorer and Firefox.
Although the message seems to be targeted at the customers of the National Australia Bank, customers of banks with similar names in other countries may feel incited to click on the link.
A part of the e-mail sent by the hackers reads as follows:
Recently many accounts have been reported closed without even a notice from the bank officials! Mostly it's business accounts but regular checkings are also in trouble.
Latest Bank's Report showed much lower profit than expected and their stocks hit lows for the last 5 years! But can it be really a reason for breaking relations with entrepreneurs?
The customers stand the risk of being infected by the Troj/JSDl-A Trojan horse, if they click on the link. The Troj/JSDl-A Trojan horse determines which Internet browser the user is using and its security level. This Trojan horse tries to take advantage of the vulnerabilities in both Microsoft Internet Explorer and Mozilla Firefox.
Graham Cluley, senior technology consultant at Sophos considers this to be a technique used by the hackers to find vulnerable computers before attacking customers using Internet banking.
Related article: Bank Issues Spam Alerts
» SPAMfighter News - 22-06-2006