Wednesday, 1 October 2014

The phishing assault on Ireland shows no signs of letting up

ESET Ireland is warning about another pair of phishing emails doing the rounds, one trying to grab Eircom passwords, the other pushing a trojan infection.

I really wish we could, for once, send out an email saying “nothing to worry about”, and one day (perhaps when temperatures in Hell drop substantially) we might be able to, but that day is not today. Today we have to report two new phishing attacks on Irish email addresses.

The first is titled “Dear eircom Subscriber” and pretends to come from the Eircom Web Team. It warns users that they have been infected with a virus and prompts them to give up the login details to their account to “stop the spread of the virus”:

From: Web Team
To: undisclosed-recipients:
Sent: Friday, September 26, 2014 11:44 AM
Subject: Dear eircom Subscriber

Dear eircom Subscriber,
=====================

Virus Notification

This message is from eircom web team messaging service to all account holder.A DGTFX Virus has been detected on your account folders. Your email account has to be upgraded to our new Secured DGTFX anti-virus 2015 version to prevent damages to our web mail log and to your important files. Click your reply tab, Fill the columns below and send back to us or your email account will be terminated to avoid spread of the virus.

1. First Name & Last Name:
2. Full Login Email Address:
3. Username:
4. Password:
5. Retype Password:

Note that your password will be encrypted with 1024-bit RSA keys for your password safety.

Thank you for your co-operation.
------------------------------------------------
© 2014 eircom. All rights reserved.

It is, of course, all rubbish. The scammers just want to get hold of users’ usernames and passwords so they can abuse their Eircom accounts, steal their identities and commit various forms of fraud.
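The traits that give this message away (blank credential fields, an instruction to reply with them, a termination threat and hidden recipients) can be checked mechanically by a mail filter. The following is an added example, not ESET's code: the indicator names and both sample messages are constructed for illustration, the first abridged from the email quoted above.

```python
import re
from email import message_from_string

# Constructed samples: PHISH is abridged from the email quoted above,
# BENIGN is an invented legitimate-looking notice for comparison.
PHISH = """\
From: Web Team
To: undisclosed-recipients:
Subject: Dear eircom Subscriber

A DGTFX Virus has been detected on your account folders. Click your reply tab,
Fill the columns below and send back to us or your email account will be
terminated to avoid spread of the virus.

3. Username:
4. Password:
5. Retype Password:
"""
BENIGN = """\
From: Support
To: alice@example.invalid
Subject: Your password was changed

Your password was changed on 26 September. We will never ask you to send
your password by email. If this was not you, sign in and reset it.
"""

# A line that is only a label such as "4. Password:" with nothing filled in.
FIELD = re.compile(r"^[ \t]*(?:\d+[.)][ \t]*)?[\w &]*\b(?:password|username|login)"
                   r"\b[\w ]*:[ \t]*$", re.I | re.M)
REPLY = re.compile(r"\b(?:reply|send\s+(?:it\s+)?back)\b", re.I)
THREAT = re.compile(r"\b(?:terminated|suspended|deactivated)\b", re.I)

def indicators(raw):
    """Return the names of the phishing traits found in a plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    found = []
    if len(FIELD.findall(body)) >= 2:
        found.append("blank_credential_fields")
    if REPLY.search(body):
        found.append("reply_with_details")
    if THREAT.search(body):
        found.append("account_threat")
    if "undisclosed-recipients" in (msg.get("To") or "").lower():
        found.append("hidden_recipients")
    return found

def is_credential_phish(raw):
    """Flag mail that asks the reader to fill in credentials and reply."""
    hits = indicators(raw)
    return "blank_credential_fields" in hits and "reply_with_details" in hits
```

The verdict rests on the two strongest traits together; the threat wording and hidden recipients are reported as supporting evidence only, since either can appear in legitimate bulk mail.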

The second one is even more malicious. It claims to be from the Royal Bank of Canada and tries to lure potential victims into clicking on links with the promise of updates to their user accounts. The links actually lead to a drive-by download of the Win32/TrojanDownloader.Waski.A trojan, a nasty piece of malware that makes computers vulnerable to cybercriminals, who can infect them with password-grabbing or bank-account-stealing spyware or use them to dispatch more malware or various illegal content:

Subject: User Roles Waiting For Approval
Date: Fri, 26 Sep 2014 20:36:12 +0000
From: RBC Express


Dear RBC Express Customer,

Your RBC Express users roles have been updated. Please review and approve the changes made to your companies RBC Express users in order for them to become active.

Login at :
-link removed for safety-

Under Administration tasks, select Manage Users Review and Approve the changes brought to your Users Roles showing as awaiting approval.
You can edit or delete the changes initiated by your system administrator

Roles based security is the recommended way to assign permissions to users. You can set up one or many roles to suit the need of your organisation or your business processes. It is possible to assign permissions to roles in order to restrict or allow access to the various areas and features of the system.

Roles can be assigned to users through the user administration section for the RBC Royal Bank Express online payments Service in the corporate portal. A user who has been assigned a role automatically receives the same permissions as the role.

==============================================================================================================

Royal Bank of Canada Website, 1995-2014.

ESET Ireland recommends that Irish computer users be vigilant when receiving such emails, tagging them as spam and deleting them immediately, without replying or clicking any links they contain. Also make sure your operating system and antivirus software are updated to the latest versions, to prevent possible infections.