Bitdefender is warning users to be on the lookout for fake Citi Group notifications which inform them that they’ve received a “secure message.”“Read your secure message by opening the attachment, securedoc.html. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it with Internet Explorer,” the malicious emails read.
While the link from the email actually points to a legitimate Citi site, the attachment is a piece of malware that opens a backdoor on the computer and allows the cybercriminals to steal sensitive information from the infected device.
Experts believe that this spam run is part of an older campaign which also relies on bogus Better Business Bureau and DocuSign emails in order to trick users into opening malicious attachments.
If you’ve already fallen victim to this one, be sure to scan your system with an up-to-date antivirus solution. Also, if you’ve logged in to any accounts or performed banking operations, change your passwords immediately and contact your financial institution.