Cyber-criminals are equal opportunity attackers, as they are just as likely to target customers of smaller regional banks and credit unions as they are to go after large banks and credit card companies.
Members of Grow Financial Credit Union, a credit union in Tampa, Fla., recently found this out the hard way. Customers received phishing e-mails masquerading as security warnings from the credit union, according to Troy Gill, an AppRiver security researcher. Along with an ominous warning that the recipient’s account has been compromised, the e-mail has a file attached.
The “well-crafted phishing campaign” shows individuals using smaller banking institutions are not any safer from these attacks than customers of larger banks, Gill said.
Based on the file name, the file, GrowFinancialFCU_Account_Restore_Form.pdf.zip, looks like a PDF file that has been zipped. In actuality, it’s a complete HTML page that looks just like the credit union’s page. The form on the page is designed to capture the credit union account information and send it to a Brazilian domain. The user is automatically redirected to the real Grow Financial Website, Gill said.
The user doesn’t realize account credentials have been stolen right away.
The fake page looks pretty similar to the real site, with navigation and “Special Offers” promotions on the side and bottom of the page. There’s very little text–just a few text boxes asking for the account number, password, name of the account holder and information about the credit union card such as expiration date. There’s a typo at the top of the form, asking for “Account Informations.”
Users should never follow links from an unsolicited e-mail to access bank account information but go directly from the bank’s Website, Gill said.