Protecting personal information on the Internet is always a concern for computer users. Phishers are notorious for plotting sophisticated attacks that push them into a user’s inbox. In the Symantec Probe Network we have observed an interesting phishing sample in which spammers are focusing on individualized attacks.
With this tactic the phishing message is tweaked slightly to give a personalized look. The email message is an online fund transfer notification and contains the name of the user in the email salutation. The message also alleges that funds have been transferred to a user’s account by an actual person, and the supposed name of that person is provided. The “From” header is forged to appear as if the email originates from a legitimate bank. The URL provided in the message actually directs the user to the phishing website.
Dear Mr. < >
You have received a payment of 229,00 Euro on the date 06/04/2010 18.30 from the postal office MILANO CENTRO.
The payment has been temporarily blocked because of the time zone, but is now being verified and will afterwards be reimbursed in your postal account.
Summary credit information:
Credit: 229,00 Commission: 0,00 Total credit: 229,00
Click here to receive the payment
Coincidentally, if the targeted user knows the name of the person mentioned in the email or if they are expecting a funds transfer, they then run the risk of falling victim to this type of phishing attempt very easily. This attack can be catastrophic if the user’s mailbox is hijacked and the sender’s name (the “fund sender” name in the message) is actually one of the contacts in their address book.
To minimize online risk, Symantec recommends the following:
- Be suspicious of email that requests that you enter your account username and password.
- Do not click on the link provided in the email and type the bank website’s address into your Web browser manually.
- Use the latest messaging security solutions from vendors such as Symantec that fight unique spam and phishing attacks like the ones mentioned above.