14 DAY TRIAL // A virus designed especially to fish out banking credentials from Japanese citizens in 2005 has just been discovered by Symantec while trying to dupe unsuspecting internet users.
Cybercriminals just won't quit when they think they can fool at least a few people into giving them their bank account information. Japanese hackers recently began using an old virus called Infostealer.Jginko, which hasn't been used much, but the computer infected with it can easily give perpetrators the contents of a credit card.
In the past period, emails containing an attachment of the malicious application have been monitored on the internet by Symantec researchers who started issuing warnings about the presence of this threat.
The email appears to be legit, except for the sender's address which clearly doesn't belong to the bank's official website, as it represents a second level domain and not a fully qualified domain name.
The message asks recipients to renew their cards containing the codes used to complete transactions. These code cards represent a way of protection against unauthorized transactions and access, but they can also represent the means of emptying an account.
In order to begin the renewal process, the customer is asked to fill out the form contained in the attachment. After the form, which comes as an .exe file, is completed and the Send button is pressed, the virus makes a printscreen of the provided information and sends it to a certain IP address.
According to Symantec, the location didn't contain any images, which can mean two things: either no one fell for the scam or the person behind the attacks cleans up regularly any “fingerprint” of the hits.
In reply to the events, the bank issued a statement on their official website, informing customers on the potential threat and warned them not to give out any sensitive information as the institution would never require anything from them in such a manner.
Social engineering schemes are becoming more widely used by hackers who seem to realize that the most effective way of making people “spill” is by tricking them to believe they're a trustworthy person.
A recent study revealed that most company employees will hand out valuable data over the phone to almost anyone claiming to have connections with the organization.