A Close Look at a Banking Scam
A phishing campaign is targeting customers of Portugal’s Banco Millennium BCP (Portuguese Commercial Bank), according to Tomas Meskauskas at PCRisk. The emails inform recipients that their bank accounts have been frozen for security reasons, and they’ll need to either confirm their banking credentials or pay a €455 fine in order to regain access. The email contains a button that will take the user to a spoofed BCP login page designed to steal their bank account credentials.
While this campaign relies on users entering their credentials manually, Meskauskas explains that many other phishing attacks try to trick users into installing banking malware. This is usually accomplished by tricking the user into opening an attached Microsoft Office document. The document, when opened, asks the user to click the “Enable content” button in order to view the contents. This button will enable a macro to install malware on the user’s computer.
Meskauskas also stresses the importance of keeping software up-to-date, since older versions of Microsoft Office can run macros automatically.
“It is worthwhile to mention that malicious MS Office documents infect computers only when recipients open them and enable editing/content (macros commands) in them,” Meskauskas says. “However, it applies only to malicious documents that users open with Microsoft Office versions that were released after year 2010. If malicious documents are opened with older versions, then they install malware once they are opened. It is because older versions do not include the ‘Protected View’ mode.”
Meskauskas adds that users should be careful about where they go to download programs and updates.
“Files, programs should be downloaded only from legitimate, official web pages and via direct links,” Meskauskas writes. “It is not safe to use Peer-to-Peer networks, unofficial sites, third party downloaders (and installers), etc. Installed programs that need to be updated and/or activated should be updated and/or activated with tools that are provided by their official developers. Third party updating and activation tools can be (and often are) designed to install malware.”
New-school security awareness training can create a culture of security within your organization by teaching your employees to follow security best practices.