Banks are supposed to be a safe place for our money. Whether we physically bring checks to deposit into our accounts or use a direct deposit system, we are generally confident that whatever we leave with them will be taken care of.
There are safeguards in place, yes, both in security to ensure our money is safe and in funds to promise our money is insured. But nothing is perfect, and as we all know banks are a prime target for cyber criminals.
We probably never hear of the attacks that are unsuccessful, of which there are likely many. Therefore when we do learn of something — such as what we are going to tell you about here — it’s worth paying attention.
They’re trying to dupe the banks first
This scam involves people pretending to be employees of an India-based bank. The phishing campaign involves them having sent emails to around 2,700 bank domains, with some of the biggest like Bank of America and Citibank being targeted.
If the recipients fall victim and click on the links, they will grant remote access to the banks’ computers. That would be bad. Very, very bad.
The criminals behind the phishing expedition are using a botnet in order to get their emails out, and it began targeting bank employees all over the world on Wednesday.
What does the email look like?
Supposedly sent from an employee at another bank, the email includes a message as well as a Microsoft Publisher file that is actually a Trojan horse virus. If clicked on, the thieves will be able to access the computer of each employee who got mixed up in the attack.
There is no word on just how effective the attack has been, which makes sense as it is still in its early stages. But it’s likely the phishers will get some bites, which is very bad news for anyone who entrusted that respective bank with their money and information.
The bank is just the gateway to you
Along with BofA and Citibank, this attack has reached Citizens Bank, Lloyds Bank, Standard Bank and many others. If you are a customer at any of the banks targeted you can only hope that no one is duped, because if so it could mean plenty of trouble for you.
Just think, not only does your bank have control over your finances, but they also have an incredible amount of information on you. Name, address, Social Security number — in short, criminals having access to your banking data is one of the last things you would want.
Yet that’s exactly what could happen if the people behind this trick bank employees into clicking on the file. And given that no one knows yet just how large a reach this has, experts say it is important to be mindful of your account(s), especially if there are any last-minute charges to any wire transfers or deposits.
Along with that, you will also want to be wary of any emails from bankers that include Microsoft Office attachments.