Sometimes a single wrong character can be a costly mistake. Spammers know this: they have created websites with names similar to those of financial institutions and use them to spread malware that eventually leads to people losing their financial information and login credentials.
My Online Security researchers and the SANS Institute’s Internet Storm Center discovered an attack that has targeted a number of banks and financial institutions located in the United Kingdom and the United States.
These institutions include HSBC, Lloyds Bank, Santander Bank, Nationwide, and Natwest. The spammers set up domains similar to the domains of the banks so people who made typos would fall right into the trap.
If someone made a mistake by typing in the wrong word, and then another by visiting one of the fake sites (which have thankfully since been taken down), they would become a victim of a banking trojan named Trickbot.
Researchers say a lot of effort went into making the fake websites seem as legitimate as possible. The domains were implemented on servers using full email authentication and HTTPS, an encrypted communications protocol usually found on trusted websites.
As a result, people readily clicked on links without suspecting anything and opened attachments that carried the Trickbot trojan. These attachments would often appear as “secure email” that required the user to download an HTML or Microsoft Office file containing the malware.
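Because the lookalike domains were set up with full email authentication, an SPF or DKIM pass does not separate them from the real bank. As an added example (not from the original article or the researchers), this check flags sender domains within a small edit distance of a protected domain; the watchlist, domain names and message records are constructed placeholders.

```python
# Flag sender domains that are near-misses of protected domains.
# All domains and message records here are constructed placeholders.
PROTECTED = {"examplebank.co.uk", "samplebank.com"}  # hypothetical watchlist

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1 (the usual typing slips)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def lookalike_of(domain: str, max_dist: int = 2):
    """Return the protected domain this one imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in PROTECTED:  # exact match is the legitimate sender
        return None
    for real in sorted(PROTECTED):
        if 0 < osa_distance(domain, real) <= max_dist:
            return real
    return None

def triage(messages):
    """Return (sender_domain, imitated_domain) pairs for suspicious mail.
    SPF/DKIM results are deliberately ignored: a lookalike domain that its
    operator controls passes both, so 'pass' says nothing about trust."""
    pairs = ((m["from_domain"], lookalike_of(m["from_domain"])) for m in messages)
    return [(d, t) for d, t in pairs if t]

# Constructed sample: parsed authentication results for four messages.
SAMPLE = [
    {"from_domain": "examplebank.co.uk", "spf": "pass", "dkim": "pass"},
    {"from_domain": "examplebamk.co.uk", "spf": "pass", "dkim": "pass"},
    {"from_domain": "smaplebank.com", "spf": "pass", "dkim": "pass"},
    {"from_domain": "unrelated.org", "spf": "fail", "dkim": "none"},
]

if __name__ == "__main__":
    for sender, target in triage(SAMPLE):
        print(f"{sender} imitates {target}")
```

The same comparison can be applied to the hostnames of links in a message body, not only to the sender domain.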
Trickbot’s strongest capability is intercepting and redirecting traffic in a user’s browser, then stealing their information and injecting malicious ads and other code, such as code that steals the user’s login credentials.
A researcher for SANS Institute’s Internet Storm Center said that, as is the case for many malware types, if a device has the proper security, it won’t be affected by the Trojan. But this isn’t such a common practice for users and companies. Thus, the malware will occasionally make its way onto computers and get past the alarms and security measures.
To defend themselves from these types of attacks that use Microsoft Office security exploits, users are advised to disable options in the program like “Enable content” and “Enable macros” that allow the malicious code housed in the Word documents to execute.
To do this, users should open the Access menu in Microsoft Office, and click Trust Center, Trust Center Settings, open Macro Settings, and from there ensure content and macros are not enabled.