A wave of phishing attacks have been hitting over the last day targeting customers of Regions Bank in the United States and Westpac Bank customers in New Zealand. Other banks in the US, UK and Australia are also being targeted.
The ones I have been investigating all include a HTML document as an attachment with a form to fill out.
Some purport to be a survey for you to fill out and be paid $35 for participating, while others say your account has been suspended until you verify your identity.
When the victim opens the attachment it prompts them to answer some survey questions and provide some of the following details:
- Social Security Number
- Card number
- Card expiration
- CVV
- ATM PIN
- First, Middle and Last name
- Email (ironically they mailed you the form)
- Address
- Mother's maiden name
- Place of birth
- Birthday
The attackers appear to be posting the stolen information to compromised hosts in Iran (Tehran), USA (Yahoo!) and Japan.
This might be a great time to remind your less security concious friends about attacks like these and to be sure to only ever provide information to your bank in person, or when you call a well known published telephone number.
Follow @chetwisniewski
Sure, they put 35$ into your account while taking everything from everywhere!
I got one of those this morning, I was like "Nice try motha f**kas"
yeah they will give you $35.00 then they will empty your account faster than you will realise so all I do is move that to the spam folder and be done with its problem solved for me