A new scheme was noticed running in wild targeting those that do money transfers online. Although online banks employ various security measures, they still can be tricked. New “Server Error Messages” scam combines spam, trojans, phishing and a lot of insolence to empty bank accounts of its victims.
It starts with phony email supposedly coming from Tax Court, Bank or another official institution. Usually these emails are recognized as spam, but if there’s name and surname and business brand of the receiver mentioned, they may appear legitimate. The email messages are just the beginning of this sophisticated fraud. The letter urges to read an important document given on a link. If a receiver clicks on the link, he is prompted to install Adobe Acrobat viewer software in order to view the doc. The Adobe Acrobat viewer given on the malicious website is of course nothing useful but malware – a browser helper object. This malware then lures silently till computer’s owner decides to use his online banking account. And then the scariest part of the fraud begins: the browser helper object loads a fabricated screen into the body of legitimate bank website. This method is extremely difficult to notice, because the address in the address bar stays the same, there’s a padlock icon on it, but the user is actually typing his bank details into phony page.
Collecting bank account details is not the main purpose of this fraud; it targets money. The scam is “dedicated” to hack into bank accounts that use two-steps authentication. When user reaches the second step and enters one-time-use code, the malware loads fake server error that supposedly requires 15 to 30 minutes for the request “to be synchronized with bank server”. The 15 to 30 minutes period is actually required for hackers to empty the account.
Beware of this scam: do not open suspicious emails and do not install additional software unless it’s necessary. If you see server error message when logging into your bank account, contact your bank and explain the situation. Use anti-spyware and anti-virus tools to prevent infections like this one.