Fake E-mails Camouflage the Renowned Citi Group Banking Institution
BitDefender is asking Internauts for remaining watchful of false Citi Group notices that pose as messages from the 3rd biggest banking institution based within USA.
The fake electronic mail tells recipients to read a given secure message via clicking on an attachment named securedoc.html. They'll then get encouraged towards clicking on the file for viewing alternatively downloading/saving it on their PCs. To obtain optimum results, the e-mail asks users for first downloading the file and subsequently viewing it inside the IE (Internet Explorer) browser.
The scam electronic mail contains one web-link besides an attachment. But, though the web-link causes no damage, as it leads recipients onto the original Citi Group site, there's one password-stealer inside the attachment which creates a backdoor giving hackers access to the users' machines. Sometimes, the attachment may as well download the ZeuS or BlackHole attack toolkit components.
Security analysts after studying the malicious e-mail scam remark that people who aren't trained to examine e-mails may become victims of the trick, as the spam mails have proper English text containing correct grammar along with innocuous-appearing attachments.
The analysts further state that amongst the innumerable methods that contaminate a PC, mass e-mails serving malware is still effective even though the security industry and media respond frantically. Contaminating computers through spam works like a competent dissemination technique, as end-users keep becoming victims unprepared through sinister web-links/attachments just like in the Citi Group case, they add.
Therefore, for anyone who's been victimized with the above e-mail scam should use updated anti-malware to scan his computer. Further, incase anyone has accessed his bank A/C else conducted banking transactions then he should reset his password immediately before calling his financial institution, BitDefender advises.
Meanwhile, in a similar exploitation of popular banks by cyber-criminals during recent months, spammers, during December 2012, distributed Citibank-purported junk e-mails bearing the caption "Your Citi Credit Card statement is ready to view online," while telling recipients they could now see their payment card statements from Citibank online whose chief details were given in the message. The spam mails actually led the users onto websites that harbored the BlackHole malware toolkit, security researchers discovered.