Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/28/2017
01:00 PM
50%
50%

Report: Bank Email Fraud Increases since Equifax Breach

Cyberthieves are impersonating banks to send bogus "secure" bank email messages.

A spate of bogus "secure message" emails from financial institutions are making the rounds, following the high-profile Equifax breach, according to a report released today by Barracuda.

Over the past month, variants of the "secure message" email attacks have included malicious Word document attachments that rewrite directory files in users' computers once opened, according to Barracuda's Threat Spotlight report.

In some of these cases, depending on the script, the malware will remain dormant to avoid anti-virus detection when downloaded or opened but will spring into action later – potentially as ransomware.

Techniques used in these fraudulent "secure message" emails include impersonation of financial institutions, spoofed email domains and phishing attacks to get users to open the attachments or click on the links, the report notes.

Read more about the bogus "secure messages" here.

 

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/29/2017 | 9:26:17 AM
Chase as an example
I received one the other day for my credit card - checked it - yeap, entirely bogus!!!
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4245
PUBLISHED: 2019-12-11
Orca has arbitrary code execution due to insecure Python module load
CVE-2013-4593
PUBLISHED: 2019-12-11
RubyGem omniauth-facebook has an access token security vulnerability
CVE-2013-6495
PUBLISHED: 2019-12-11
JBossWeb Bayeux has reflected XSS
CVE-2013-7370
PUBLISHED: 2019-12-11
node-connect before 2.8.2 has cross site scripting in methodOverride Middleware
CVE-2019-18935
PUBLISHED: 2019-12-11
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote cod...