Your payment was cancelled insufficient funds
It’s been a busy week for phishing emails. Yet another one has started up this week, this time claiming that a payment was rejected due to insufficient funds. The email is apparently from Westpac; however, clicking on the links will take you to a phishing site. The end game of the phish is to infect your PC with CryptoLocker.
CryptoLocker is a form of ransomware. Once installed on a PC, it looks for Office, OpenOffice and picture files, which it then encrypts. It does the same on any mapped network drives that the user has access to.
CryptoLocker moves with the times too: victims are now offered the chance to pay the ransom in bitcoin. Typically, the malicious file is disguised as a PDF file. In a phish such as this, the user is tricked into downloading the PDF file from a malicious site.
Infecting PCs with CryptoLocker seems to be the latest pastime of cyber criminals. CryptoLocker has been very prevalent over the last couple of months, particularly in Australia, where the ABC News 24 channel was taken off air for 30 minutes to deal with an infestation of CryptoLocker.
The email (as shown in Figure A) appears convincing at first glance. However, there are a number of signs that it is bogus. Firstly, the email does not address the recipient by name. Banks will always send personalised emails.
Secondly, mousing over the links shows that the sites are not linked back to Westpac. They lead instead to a bogus site.
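Both signs described above (no greeting by name, links whose real destination is not the bank's domain) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the trusted domain `westpac.com.au`, the recipient name and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the bank's legitimate domain (not stated in the original post).
TRUSTED_DOMAIN = "westpac.com.au"

class LinkCollector(HTMLParser):
    """Collect all body text and (href, visible label) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._buf = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def host_is_trusted(url, trusted=TRUSTED_DOMAIN):
    """True only if the URL's host is the trusted domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def phishing_signs(html_body, recipient_name):
    """Return findings for the two signs: no personal greeting, off-domain links."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    body = " ".join(" ".join(parser.text).split()).lower()
    if recipient_name.lower() not in body:
        findings.append("recipient not addressed by name")
    for href, label in parser.links:
        if not host_is_trusted(href):  # what "mousing over" the link reveals
            findings.append(f"off-domain link: {label!r} -> {urlsplit(href).hostname}")
    return findings

# Constructed sample message; example.net stands in for the bogus site.
SAMPLE = """<p>Dear Customer,</p><p>Your payment was cancelled.</p>
<a href="http://westpac.com.au.example.net/view">www.westpac.com.au/payments</a>
<a href="https://www.westpac.com.au/help">Help</a>"""

if __name__ == "__main__":
    for finding in phishing_signs(SAMPLE, "Jane Citizen"):
        print(finding)
```

The host comparison is anchored to the end of the hostname, so a link whose visible text or leading labels merely contain the bank's name is still reported.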
This email uses a simple trick to try to get the user to log in: using “Payment Cancelled” in the subject line is designed to draw people in and pressure a person to click on the link immediately without checking its veracity.
Please be aware of this type of email, as well as the other phishing emails we have mentioned this week. As we have said before, the start of the Christmas shopping season is leading to increased activity of malicious emails, designed to extract credit card details, to seek ransom money, or both. If you receive this type of email, delete it.