Sunday, March 16, 2008

Spear phishing email using banking digital certificate

Hackers Use Banking Digital Certificates to Scam Financial Customers

SecureWorks, one of the leading Security as a Service providers, announced last week that hackers are successfully scamming banking customers with spear phishing emails stating that their banking digital certificate has expired. The malicious emails state that in order for the bank customer to access their bank account, they must load a new certificate by clicking on an enclosed link.

Clicking the link actually downloads the Prg Banking Trojan. This banking Trojan, originally discovered by SecureWorks in December 2007, is one of the most sophisticated and lethal pieces of banking malware developed.

The Prg Banking Trojan alerts the hacker when the victim is doing online banking, so the hacker can piggyback on the victim's session. This way the hacker can compromise the victim's bank account without using the victim's username and password.

According to Don Jackson, Senior Security Researcher with SecureWorks' Counter Threat Unit™, the hackers behind the Prg Banking Trojan scam have successfully used the digital certificate ploy since September 2007. SecureWorks reported that the Prg Banking hackers targeted commercial banking customers last December, and that one scam resulted in the theft of over $6 million from banks in the US, UK, Spain and Italy.


Bank customers should avoid clicking on any links within emails from untrusted sources. Even if they recognize the sender, they should find some way other than replying to the email to verify its authenticity, such as calling the bank directly.
