Bank Withdrawal Notification Scam - Fraudulent Emails Point to Trojan
Email informs customers of the ANZ, National, Commonwealth
or Westpac banks that a large sum has been withdrawn from their accounts.
(Received via email, 2004)
Subject: Notification on transfer from your ANZ bank account
We are informing you that today, the amount of $719.00 AUD has been drawn
out of your account.
Technical assistance of ANZ Bank
[LINK TO BANK REMOVED]
Customers of major Australian banks have reported receiving emails
that claim a substantial amount of money has been withdrawn from
their accounts. In order to make the message seem legitimate, the
emails arrive in HTML format and generally include a logo stolen
from the targeted bank's website. A link included in the email
supposedly leads recipients to the bank website to seek "technical
assistance". The intention here is to panic gullible recipients
into clicking on the link provided in order to gain details
regarding the apparent withdrawal. ANZ, National, Commonwealth
and Westpac have all been targeted.
At face value, this sounds like a typical phishing scam.
However, those who click on the link in the bogus email may
inadvertently download a trojan that will automatically be
executed on their computer. This trojan is configured to
log keystrokes that are entered into specific websites and email
the information to the scammers. When a window that contains certain
specified title phrases is opened, the key logger begins
recording any information that is entered. This information could
be passwords, account numbers, and other personal information.
The specified title phrases are associated with a number of major
financial institutions both in Australia and elsewhere in the world.
Thus, even recipients of the scam emails who are not customers of the
targeted bank can have sensitive information stolen if the trojan
infects their system.
The scammers have manipulated the link in the bogus email so that
it resembles a normal text link. However, those who click on the
link are first taken to a webpage where the trojan is downloaded
before being redirected to the real bank website. This happens
quite quickly and users may not even be aware that a download
and redirection have taken place.
The example above is directed at ANZ customers, but virtually
identical emails target National, Commonwealth and Westpac
banks. The amount specified varies.
Write-up by Brett M. Christensen