A new Windows malware strain tricks victims into transferring money into scammers’ accounts, the German Federal Criminal Police warned recently. The strain waits until someone logs into a bank account before sending a message that a credit had mistakenly been posted to the account and will be frozen until the erroneous credit is paid back.
When the user views the account, the malware modifies the amount displayed in the browser so the victim pays back a larger amount than he thinks. These so-called web injects, which are custom plug-ins that manipulate what victims see in browsers, are becoming increasingly popular with hackers.
Upon logging into an online account, if an unfamiliar message pops up, it’s best to log out and call the bank. But experts warn to ensure that the correct phone number is used, as some malware has been known to provide a bogus customer support number in another effort to gain personal information.
Although overpayment scams are often perpetrated through money wires and transfers, a migration to the web is gaining steam. The Better Business Bureau recently rated overpayment scams as one of the top 10 most popular scams.