2 min read

Brits` Bank Account Data under Threat

Loredana BOTEZATU

November 05, 2013

Brits` Bank Account Data under Threat

Half of a percent of all spam sent worldwide targets customers of some of the most popular British financial institutions and services, including Paypal, Lloyds Banking Group, HSBC Holdings, and Barclays Bank.

The e-mails either deliver the banking Trojan Zeus or send fake bank forms to steal critical bank-related data by tricking people into typing in sensitive identification information, including banking username and password, credit card number, expiration date, name, country, zip code and social security number.

On average, phishing accounts for 3 percent of unsolicited e-mails sent worldwide. Last year, the UK was the country hit by the highest number of phishing attacks mainly due to prevalence of Internet connections in British households – more than 80% according to the data in the UN’s net-connectivity table. Britons are also extremely eager adopters of online banking services, making them priority targets for phishing attacks.

A wave of 0.5 percent of phishing e-mails might seem a small number but, as a rule, phishing attacks are less random than other types of spam. Some phishers send a message for a few hours, then stop to alter the content or attachment to avoid detection and send it again.

Spam e-mails targeting Lloyds and HSBC are sent from servers located in Russia, Italy, the US, India, Australia or the United Arab Emirates. The Bitdefender antispam lab found some spammers sharing servers or recipient lists.

Some spam e-mails deliver fake bank forms, while others distribute the infamous Zbot Trojan, hidden in an attachment allegedly sent by reputable financial institutions such as Lloyds, Barclays or HSBC.

The message allegedly sent by Lloyds informs users they have received a new payment and invites users to open an attachment. The attachment hides a malicious piece that downloads the banker Trojan Zbot from the webpage of a company involved in this attack without knowing it.

The alleged HSBC sample about a failed payment delivers Zbot as well, with the clear intention of collecting as much money-related data from active bank accounts as possible. Once in the computer, Zbot waits for users to connect to their e-banking accounts and snatch their credentials.

The Barclays impersonation tells customers there have been multiple attempts to access their accounts and the bank decided to “temporarily suspend” it. To reactivate it, users need to access the attachments and fill in the necessary data. The attachment is, however, an executable file that once again retrieves Zeus on their systems.

As a rule of thumb, banks NEVER ask customers to divulge sensitive data via e-mail. When in doubt, users should always call the bank or, better yet, go to the nearest bank to ask for details in person.

A good security solution marks the unsolicited e-mails as spam and blocks the phishing pages as malicious or suspicious.

This article is based on spam samples provided courtesy of Bitdefender anti-spam team and the technical information provided by Doina Cosovan, Bitdefender Virus Analyst.

Note: All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches FTC Says Companies Operating Health Apps and Connected Devices Must Inform Users of Data Breaches
Silviu STAHIE

September 17, 2021

1 min read
Owner of DDoS-as-a-service Websites Found Guilty, Faces up to 35 Years in Prison Owner of DDoS-as-a-service Websites Found Guilty, Faces up to 35 Years in Prison
Silviu STAHIE

September 17, 2021

1 min read
Do Mobile Security Solutions Really Work or Are They a Scam? Do Mobile Security Solutions Really Work or Are They a Scam?
Filip TRUȚĂ

September 17, 2021

2 min read