Fraudulent attempt is not difficult to detect

Feb 13, 2015 15:00 GMT

An email from one’s bank reporting potential fraudulent activity on the account is always startling, and rushed action is exactly what cybercriminals rely on when sending phishing emails.

Customers of FirstBank are currently in the sights of cybercriminals, who are delivering fraudulent messages in an attempt to obtain log-in information for the online banking service.

Two banks share the same name

It is important to note that there are two financial institutions with this name: one operates in the US, in Arizona, Colorado and California, while the other operates in Africa (First Bank of Nigeria) and is one of the largest banks on the continent.

From a sample email provided by OTA, it is clear that the scammers target the latter. This is revealed by the malicious link included in the message, as well as by the graphics inserted to make the alert look legitimate.

On the other hand, if the notification reaches US users, there is a risk that they will not pay attention to these details, and the cybercriminals might get more than they expected.

The email’s subject is not alarming, but the body of the message states that irregular activities have been detected and that the recipient has not completed validation with the bank, as demanded by a recent security upgrade. As a result, protective action consisting of blocking access to the online account would be taken.

However, should the recipient choose to provide the necessary information for identification and validation purposes, the account would no longer be blocked. “Failure to comply will lead to account deactivation,” the message informs.

Phishing page hosted on Russian domain

The crooks want to make sure that future nefarious campaigns are not stopped by spam filters, so they advise the potential victim to move the message to the inbox folder if it ended up in the junk or spam area.

According to OTA, the link leads to a fake form, hosted on a Russian domain, where victims are expected to input financial and personal details. At the moment, the page is no longer available, and it looks like the domain hosting it is for an adult website.

Although a native English speaker should notice the poor grammar in the notification, others may not be able to identify the mistakes. Anyone who has fallen for the phishing trap set up by the crooks is advised to change the password for their online account without delay.