Phishers love to arouse curiosity and/or fear in the user’s mind and this stimulus can compel people to set aside all caution as well as any safety measures they might have in place to avoid such scams.
In a recent spam sample seen in our probe network, we observed that by taking advantage of human curiosity, users can easily be duped into disclosing sensitive information to unknown persons. In order to ensure awareness of this campaign, and others like it, we will discuss this phishing scam in more detail.
In a slight variation to the telegraphic transfer spam attack seen in the past, we see that the message has a HTML attachment, instead of an archived executable file. As shown in Figure 1, users are advised to confirm a pending transaction with their bank and also told that there is a copy of a bank slip attached.