Phishing emails disguised as ‘secure messages’

Olivia Storey

A new phishing campaign that imitates ‘secure messages’ from private banks and financial institutions has begun circulating.

Cybercriminals are producing these fake emails, which appear to come from legitimate banking institutions, to deliver malware to unsuspecting victims. The ‘secure message’ email contains bank domains, logos and even a confidentiality statement to make the email look as authentic as possible.

The email contains instructions for the recipient to either download an attached document, reply to the sender or follow a set of instructions.

If the recipient downloads the attached document, the attacker can then access the victim’s machine, or later remotely update the downloaded malware to something much more malicious, including types of ransomware.

The attached documents also contain a malicious script that can rewrite all the files in the user’s directory once the document has been opened.

The banks themselves haven’t been compromised and the emails aren’t from their systems; they are just being impersonated using their logos and domains. By appearing to come from a reputable source, cybercriminals can persuade a much higher number of victims to act and click on the messages.

To view the messages, recipients need to be connected to the internet, which is another reason cybercriminals find phishing emails so successful. In this instance, the message is viewed within a web portal, which means recipients are exposed to downloading the malicious content instantly.

It should be noted that this new phishing tactic comes in the wake of the immense Equifax data breach, which affected 145.5 million customers. The two are not directly linked; however, the breach could have increased the likelihood of a concerned banking customer opening a ‘secure message’ from their bank.

Mark James, ESET IT Security Specialist, discusses recognising phishing emails and what to do if you receive a questionable email.

“It is definitely getting much harder for the average public to determine whether emails are good or bad. With emails being one of the top methods of communication these days, we have to sort through the plethora of deliveries to our mailboxes to see what is worthy of our attention.

“Sadly, our means of deduction are limited to a few senses, namely Sight and ESP.

“The job is not easy but it’s even harder when things look right, when the email itself appears to come from someone you trust telling you that there is a problem and offering free advice on how to fix it.

“Your first thoughts are ‘why me!’, then you need a quick way to check what damage has been caused. You are of course wary of dodgy email, but these are offering a ‘secure message’, a much safer way of reading emails, so everyone tells you!

“Even those are not safe. The only way you can be safe is to contact the sending party by a separate means and ask them if they have sent you the message in the first place.

“If they have, then you’re good to go; if not, then you may have saved yourself from being scammed or even robbed.”
