Wednesday, October 25, 2006

TARGETED ATTACKS ON BANK EMPLOYEES

If you were a bank employee and you received the following email, what would you do?

Dear ____, I am a reporter for Finance News doing a follow up story on the recent leak of customer records from [the bank's name]. I saw your name come up in the article from Central News and would like to interview you for a follow-up piece."

If you have time I would greatly appreciate an opportunity to further discuss the details of the above article. Regards, Gordon Reily

The email provided a link for responding the Reily.

If you suspect this is a scam your right. Hundreds of employees at a number of banks have been receiving the same message. If the bank employee clicked on the link to reply the remote site then downloaded a key logging bot from a Chinese website that was storing all of their keystrokes.

This was clearly a targeted attack on banking records by a sophisticated group. Not only did they understand psychology, but they also had the latest malware and key logging software.

0 Comments:

Post a Comment

<< Home

Blog tracker