This week we have our office manager Bri, and five suspicious emails to address. Like you, Bri will only have a few moments to quickly look at the lure and decide if it’s suspicious and should be reported, is safe, or is simply spam. We may have a few curve balls along the way, too.
The Dyre banking Trojan made its debut in June 2014, targeting large financial institutions across the globe. In September, PhishLabs’ R.A.I.D (Research, Analysis, and Intelligence Division) observed a number of enhancements to the banking Trojan that further increase the danger of the threat.
Banking Trojans Expand Beyond Financial Targets
The most recent attack utilizing the Dyre Trojan targeted the cloud computing company Salesforce.com. Historically, banking Trojans were used to steal account credentials of banking customers, but now sensitive business data is being stolen from companies in the healthcare, retail, software and other industries. Malicious software developers are seeking access to organizational systems and operating systems to steal data that would aid in identity theft for purposes of committing fraud. Attackers remain patient and persistent: evolving the tools, harvesting the data and attacking when it is unexpected.
PhishLabs has discovered a fraudulent invoice campaign targeting corporate executives. The scammers attempt to convince their targets to wire funds to various accounts controlled by the fraudsters in order to settle the terms and outstanding balances on legitimate invoices from other companies.
What to look for
Emails associated with this campaign follow this characteristic pattern:
PhishLabs has discovered a new malware campaign that poses as an alert from NACHA regarding a failed ACH transaction. If a vulnerable user clicks the enclosed link, they will be infected with malware.