SophosLabs has received a disturbing report from a UK Local Government customer which we feel need a wider audience.
People are receiving SMS messages saying that their bank details are on the internet. These text messages are 100% malicious in nature and users should not follow the links.
The report from the local government states:
The user received an SMS message to say that his bank account details had been posted on the Internet and gave him a URL to go to. He attempted to access the site using a library PC but failed and queried the librarian about the security on the PC who raised a support call with us.
The obfuscated script inserts an iframe which attempts to download malware which Sophos blocks.
I haven't seen details of a scam like this before and have looked for a site on which to report it without success. I'm assuming you'll know what to do with it.
So, what are we at SophosLabs doing about it?
- Making the general public aware of this malicious attack
- Adding detection and blocking for the malicious website
- Making samples available for security professionals via the usual channels
SophosLabs will be publishing detection for the malicious website as Troj/Iframe-BS and the malware that Sophos already blocked was detected as Troj/PDFJs-B.