Here’s a short review of the malware and phishing emails making the rounds these days

Apr 3, 2014 08:37 GMT  ·  By

Customers of Capitec Bank, the commercial South African bank, should be on the lookout for phishing emails sent out by cybercriminals. 

Hoax Slayer has spotted a series of spam emails that read something like this:

“Your online access needs to be confirmed as part of our routine maintenance to ensure your safety online. We require you to review your profile details on record as failure to adhere to this feature may result in temporary closure of your online access.”

The link in these emails doesn’t point to Capitec’s website, but to a fake page where users are instructed to hand over their account credentials and other sensitive information.

This isn’t the only spam campaign aimed at bank customers. Barclays customers are targeted with phishing emails that carry the subject line “E-Alert from Barclays.”

The malicious emails look something like this:

“We detected irregular activity on your Barclays Online Banking Account. For your protection, you must verify this activity before you can continue using your Online Banking. Follow the reference below , fill out the information required to review your account and press continue.

We will review the activity on your account with you and upon verification, We will remove any restrictions placed on your account. Click here to review”

Similar to the previous scam, victims are not taken to the bank’s official website, but to a malicious site where they’re asked to enter their personal and financial details.

Another type of malicious notifications that users should lookout for these days are entitled “Confidential - ALL Employees Important Document.”

“Please find attached documentation I will need you to complete and send back to me as soon as you can if that’s okay. Please do not hesitate to contact me if I can provide you with any further support or assistance,” recipients are told.

In reality, the attached file is not a document, but a piece of malware disguised as an innocent-looking .scr file. Variants of this email first started making the rounds back in March 2013. It looks like they’re still efficient for malware distribution.

Recommendations

To avoid falling victim to such scams, never click on a link or an attachment before taking a moment to analyze the email. If it contains typos and other mistakes, it probably doesn’t come from a legitimate organization.

Attachments, particularly ZIP files, are a clear indicator of a malware-spreading email.

Victims of phishing attacks are advised to change their passwords and keep a close eye on their inbox for scammy notifications. If your online banking credentials have been phished, it might be wise to contact your financial institution.

In case you’ve installed malware on your computer, scan the device with an updated antivirus product to clean up any infections.