Phishers Steal Banking Credentials by Exploiting People’s Curiosity
According to security researchers from Symantec the security company, there is one new phishing e-mail scam doing the rounds, tricking curious, probable victims so they will surrender personal Internet banking credentials.
The scam begins by sending an e-mail, which addressing the recipient as 'Dear Sir,' informs that a customer apparently asked the e-mail sender to transfer $36,430 to the reader as per the acquiesced expected deal. It is therefore requested that the user confirm by contacting his bank whether the money has been deposited into his account, the e-mail states.
Furthermore, the e-mail shows an attachment, which's labeled "tt$36,430.html." Interestingly, the image of this attached file is pretty faded while makes it quite hard to read. Besides, by utilizing the HTTP-EQUIV "REFRESH" HTML label, the file image vanishes after 4-secs. Clearly, the short-timed exhibition of the file raises sufficient enthusiasm within the end-user thus possibly making him more ensnared into the ruse.
What's more, a page-refreshment occurs after the 4-sec time-period with a pop-up emerging, which tells the user he's been existed from the e-mail account therefore, requires resigning in for seeing the bank notice.
Now, if the user hits on the sole link reflected, he will find a web-page quite like the log-in page of one popular bank. Entering his banking credentials alternatively his electronic mail id into this web-page can make the user lose his information to the scammers who will likely utilize it for sinister reasons.
Consequently, Symantec suggests Internauts towards eschewing following web-links else viewing attachments within uninvited electronic mails, however much they increase one's inquisitiveness by presenting 'free' money offers. It is also recommended that users manually enter their bank's URL straight inside their Web-browser's address bar rather than click on web-links within e-mails, according to the company.
Meanwhile, in a similar phishing scam targeting banks during recent months, Bank Windhoek situated primarily in Windhoek, Namibia, during January 2013, was attacked with phishing e-mails that hit its customers through the caption "New upgrade alert," directing that they should make their private as well as security information up to date so as to remain safe from fraudsters.