New Year brings new phishing campaigns

New Year brings new phishing campaigns

The New Year has brought with it a mix of old and new phishing campaigns. This morning we extracted several emails from MailShark spam filters that point to a different tack being tried by criminals in their attempts to fool users into surrendering personal information.

The email we extracted is as shown in Figure A and targets ANZ customers. The subject line of the email reads “ANZ: Message Notification” (or in another version, “ANZ: “Internet Banking Service Notification”), whilst the sender reads “ANZ”. The body of the email contains the ANZ logo, with a statement embedded in it, informing the recipient that they have a “new Internet banking message.”

MailShark New Year brings new phishing campaigns
Figure A – Click to Enlarge

What marks this phishing email out from some of the others recently featured in our News section is the lack of one particular social engineering trick usually employed by criminals. It’s not actually suggesting the recipient needs to “do something” urgently. On the other hand, it also doesn’t give much of a hint as to what the message is about.

In fact, it’s an oddly crafted email. One trick criminals will sometimes use is to insert a legitimate link under the terms of use section. Alternatively, they may use a malicious link. This email contains no links under either the “Website Terms of Use” or the “View our Privacy Statement”. The sole link in the email is under the login button.

The email may look authentic on a cursory look, but closer examination shows a few issues. For one, it is not personalised. This is the biggest giveaway; as stated many times before, banks always will personalise an email.

Mousing over the sole link in the email shows that it does not lead back to the ANZ internet banking site. Rather, it leads to a phishing site. Phishing sites are often put up quickly and taken down just as quickly. The turnaround can often take place in days or even hours. The phishing emails are simply adjusted to use a new phishing site. This means that phishing sites are hard to track.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

Post Comment