According to security experts from GFI Software, one of last week’s most prevalent spam campaigns leveraged the name of TLO, a company that provides investigative research and risk management solutions.
The bogus notifications, purporting to come from TLO’s Department of Investigation, only inform recipients that their accounts have been blocked. They also contain an email address and a phone number, but they appear to have nothing to do with the legitimate company.
Users who might be curious to see what this is all about and click on the “Details” link are taken to a website that hosts the Cridex worm.
Once it infects a computer, the malware is capable of stealing online banking credentials entered by users into web browsers, download and execute files, and even search and upload local files.