Friday, 12 May 2017

A variety of email threats in Irish mailboxes

ESET Ireland looks at a few recent cyber threats arriving by mail in recent weeks, ranging from Tesco Bank phishing to a secret ‘Hungarian admirer’.

It’s a numbers game that the cybercriminals are playing. Send out enough spam and a certain percentage of victims will click. So, week after week, we’re seeing new scams or new variations on old scams. The past weeks were no exception.

A long an elaborate letter pretended to have come from Tesco Bank credit card team. It read

“We’ve been trying to contact you about your account, but we've been unable to reach you. Your account has been restricted. To continue using our online services and have your account restored, just to keep you safe, kindly confirm your identity and remove your account limitations with the reference link below.”

And then they’d kindly steal your log in details and try to log into your account to take your money.

Bank of Ireland is always a popular name to abuse, and we’ve seen two phishing variations recently. One claims:

“In order to protect your funds and information, Bank of Ireland has set up a new enhanced security system, which will eliminate fraud and totally protect you.
The new system is called Boi Secure Link. Click the Boi Secure Link below to enjoy the new security features.”

And clicking on it, of course, does everything but protect you, attempting pretty much the same as the one above. The other one was even simpler, but unfortunately, not less effective:

“My Inbox (1) ~ Your message is available to view on 365 online.
Log in to 365Online”

As curiosity tends to get the better of people, a “new message in the inbox” is a good lure to get people clicking.

The last one is a bit of a curiosity, as it compliments, insults and tries to harm the victim, all at once:

“This is really important, I beg you to reply – your not-so-secret admirer
Honestly, I only laid my eyes on your Twitter picture, and read some of your comments.
Now I finally found your email address!
Do not ask how.
You do know how I am, and I need to tell you something: I've always loved you – but there's this little issue: to put it bluntly, you are pudgy and I want you to get fit.
I know a pill that has helped my friend to lose fat fast.
Dug up the link for you -- clicky-clicky.
Stop being obese, start being mine – and please respond ASAP”

The email comes from a Hungarian email address, but the link leads to a site on a Mongolian domain, that tries to infect you with malware.

ESET Ireland recommends you avoid clicking on any links in such emails and do not open attachments, as they may contain malware that can end up installing ransomware, or can lead to phishing or scamming websites.

The full story with screenshots is available on ESET Ireland’s official blog.