Fraudulent scheme targeting Santander
A new significant wave of e-mail spam purporting to verify and reinforce the “account against ID Theft” leads the credulous or inadvertent users to a collection of Web pages meant to steal and empty their bank accounts.
The on-line forms that claim to pertain to the financial institution`s portal spoof several visual identification elements, such as the logo and general layout. Additionally, the pages are not registered onto a .co.uk domain (but .com) and are totally lacking any specific security elements, such as the locked padlock.
The phishers steal the sensitive data that the user is required to confirm via two PHP scripts: mainfile.dists.php ” used to pilfer the 8 digit customer ID, and formmailerv2.php ” which purloins the customer PIN, place of birth, mother’s maiden name, password and transfer password, telephone banking PIN, card number and CVC.
As always, be suspicious of e-mails alleging to be from your bank ” financial institutions never contact their customers via e-mail to verify sensitive information ” and double-check the security elements of the login page of your e-banking portal. Last but not least, keep your antiphishing on and up-to-date.
The information in this article is available courtesy of Daniel Dichiu, BitDefender Online Threats Researcher.
Ultimate Privacy Guide for Your Facebook Account
August 31, 2021
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices
August 27, 2021
Your Netflix Account May Be on Sale on Darkweb. Protect It
August 13, 2021
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
FOLLOW US ON
You might also like
April 22, 2021
April 22, 2021
April 13, 2021