Cyberattacks are continuously targeting bank customers in Romania. After CERT-RO had issued an online alert regarding a series of phishing attacks trying to break into users’ internet banking accounts, a new and emerging malware spreading campaign hits bank customers again via malicious emails.
What the new Malware Campaign entails
To be more specific, the user receives a fake message via email in which they are being informed about a payment made using their bank account. The email also contains an attachment, which the message falsely claims holds information regarding the payment order and further details about the transaction.
Unlike other previous phishing attempts, this message is well written, and the attention to detail is crystal clear.
Obviously, this message is sent out by attackers, crafted in such a way that it seems legitimately delivered by the financial institution. Additionally, hackers impersonate Transilvania Bank by copying its visual identity, using realistic details, such as the font, the logo, and the bank’s address, in order to fool the receiver.
The email also claims to be sent automatically, and it contains legitimate and accurate data about the bank impersonated.
This email seems to be socially engineered to trigger fear in users, tricking them into believing that the said amount of money was stolen from their account. Further on, receivers may hastily access the malicious attachment and install malware involuntarily.
The attachment called ‘Payment Order’ is not even a document but an executable file (.exe), which will install a form of malware called ‘Agent Tesla’ onto the device.
This specific malware has the ability to record what the user types, but also the texts they copy to the clipboard. This information is collected by a command and control server (C2) maneuvered by the attackers. So, virtually, when the user logs into their personal or work accounts, the hackers can easily steal their credentials.
CERT-RO’s Recommendations against the Malware Campaign
CERT-RO (National Cybersecurity Incident Response) recommends a series of precautions against the new threat:
- To avoid being tricked into giving away your credentials, CERT-RO recommends being cautios when doing any online activity. Being careful is crucial because you can be targeted via various means, such as email, SMS, social media, phone calls, coming from hackers who pretend to be bank employees or representatives, or other reputable institutions. Think twice before you click!
- If you receive an email or an SMS from the bank, check the source thoroughly. Sometimes, the sender is hidden, and the address spoofed, but other times, the attackers use an alias. So, click on the ‘View Source’ button in the browser to detect the sender’s real address.
- If you have any doubts regarding a message that you received, check the information with the sender.
- Use an antivirus software program to scan potentially malicious links or attachments.
- Keep your operating system and software up to date.
- Regularly backup your important files and store them on external media, disconnected from the device.
- If you fell victim to a cyberattack and money have been stolen from your bank account, contact the bank and the police immediately.
Even though the attack is local to Romania, these 7 suggestions are very useful and can apply to everyone.
Last but not least, these attacks are all the more dangerous for company owners. Your entire business could bear immense costs and operation disruption due to some small human error. Not to mention your company’s image and your business relationships can suffer damages very difficult to repair.
Even though the attack is local to Romania, these seven suggestions are beneficial to everyone who uses a computer.
Provide your employees with the necessary knowledge to spot and deflect a phishing attack with ATTACK Simulator’s clever 4-Step Phishing Simulations. It’s a small investment today that could save you a ton of money tomorrow.
Don’t wait until tomorrow. Now’s the time to get your quote.