Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Spammers Set up Fake Domains for Filching Banking Customers’ Details

 

Customers of Santander Bank would have the knowledge about one running spam campaign that is proliferating Trickbot a well-known banker Trojan being sent from fake websites impersonating those of the said bank.

 

According to security researchers from Internet Storm Center of SANS Institute along with My Online Security, it isn't that Santander Bank alone is being targeted, but others too, while they say that the malicious websites are highly plausible imitations.

 

Spammers targeted institutions such as Lloyds Bank, Santander Bank, Natwest, Nationwide and HSBC as they created domains that would craftily exploit those making erroneous typing on their keyboards.

 

A few fake domains are lloydsbacs.co.uk, hmrccommunication.co.uk, hsbcdocs.co.uk, santanderdocs.co.uk, natwestdocuments6.ml, nationwidesecure.co.uk, securenatwest.co.uk and santandersecuremessage.com. Ibtimes.com posted this, August 15, 2017.

 

Anyone who inadvertently visited any of the mentioned domains that are no longer online as GoDaddy the familiar domain host terminated them, they would contract Trickbot.

 

The domains were run via different servers that utilized HTTPS and complete e-mail authentication. Plentiful recipients could without difficulty get so duped that they would view the attachments included.

 

A particular sample that SANS ISC analyzed masked to be one Santander item, while carried certain HTML attachment which would download Word file hosted on the identical server which dispatched the related electronic mail. There's a graphic of one fake login page of Santander inside the Word file together with instructions about a solution victims would find if they couldn't log in that also has the way for enabling macros via pressing a button called "Enable Content."

 

As accords to Duncan's analysis, the Word file creates one HTTP query destined for centromiosalud[.]es as well as one PNG image which's really one Windows executable. At times, Trickbot gets pulled down from cfigueras[.]com else the same website to which the query is made.

 

As defense from the assault, end-users require disabling options such as "Enable macros" and "Enable content." To ensure the options have been properly disabled, end-users require opening Microsoft Office's 'Access' menu, from where to press 'Trust Center' followed with 'Trust Center Settings' followed with pressing 'Macro Settings' whereby it can be made sure macros and content aren't enabled.

» SPAMfighter News - 8/21/2017

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next