14 DAY TRIAL // Security researchers warn that phishers are becoming more focused in their attacks and have begun targeting regional credit unions.
Traditionally phishers have targeted large financial institutions or services in an attempt to reach the highest possible number of potential victims.
This is because the success rate of phishing attacks is generally low. Therefore, logic dictates that less from more is better than less from less.
However, when human behavior is factored in things aren't necessarily as straight forward. That's because people tend to be less suspicious of emails received from relatively obscure institutions than of those originating from commonly targeted organizations.
It would appear that phishers are slowly catching on researchers from messaging security vendor AppRiver exemplify with a recent campaign that targets members of the Grow Financial Credit Union, a Tampa Bay area credit union.
The rogue emails purported to come from the financial institution pose as security alerts warning recipients that their accounts have possibly been compromised.
In order to restore access to them, users are asked to complete a form attached to the email. The attachment is actually an archieve called GrowFinancialFCU_Account_Restore_Form.pdf.zip which contains an HTML file.
Opened in the browser, the HTML document displays a clone of the Grow Financial website with a form to input account number and password, as well as credit card details, complete with CVV2 and PIN.
The use of attachments for phishing is not a new technique, but not a traditional one either. It appears to have become more common during the past year.
"Since most people are very cautious of clicking links in emails, perhaps the cybercriminals feel that delivering the entire web page to you will increase the perceived legitimacy of the message," AppRiver researcher Troy Gill explains.
"This is a very well-crafted phishing campaign that just goes to show, individuals using smaller banking institutions are not any safer from these attacks than anyone else," he adds.