The Bitdefender anti-spam lab is issuing a warning over a fast-growing phishing campaign that steals bank account log-in data through a “verify your account” scam. Innocent bank, debit or credit card account owners and customers of financial institutions including The Royal Bank of Canada, Permanent TSB of Ireland, Discover Bank and American Express of the US or NatWest of the UK are targeted by fraudsters and sent to phishing websites to steal their private identification data.
The fabricated spam e-mails differ in appearance and language, but they convey the same message urging users to take the same course of action. They inform users of bogus suspicious or irregular activity on their accounts and that, consequently, their accounts have been limited.
The matter can, however, be quickly solved if users “verify or re-confirm their account to enable the upgrade of the account” by clicking a link in the body of the message or by accessing an attachment that invariably lead to a phishing website.
On the phishing website, users are supposed to provide private data, including complete name, home address and passwords that will help fraudsters impersonate victims and steal their money.
Some messages contain deadlines to intimidate people and make sure they are in such a hurry they won’t double check the information in the e-mail.
Bitdefender blocks the spam e-mails and the phishing websites, so users who have the antivirus solution installed are protected. The company advises users to keep their software updated, including their antivirus.
This article is based on the spam samples provided courtesy of Adrian TOMA, Bitdefender Spam Researcher.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.