Phishers Don’t Care…

I don’t suppose you thought they did. But just to prove that scammers have no compunction about using people’s understandable fears about the current financial crisis as a means of stealing from them, here’s a short extract from a fairly typical example of a current wave of fraudulent emails.

“Subject: New campaign against financial markets collapse

 Due to collapse of financial markets, Barclays Bank PLC, Treasury, Bank of England and Financial Services authority launch a protection program  to ensure the safety of your personal savings, loans, personal and business accounts. Barclays Bank PLC is fighting to ensure that non of our customer will suffer any damage on they personal accounts. Is imperative for all Barclays Bank PLC customers to take this protection program very seriously.”

This is a crude example that doesn’t show very effective psychological manipulation techniques, but there are examples that do a much better job. The important thing, though, is not to focus on specific tricks, as these are changed and updated all the time. It’s better to (a) assume that unsolicited material like this is guilty until proven innocent, and (b) look for the underlying logical inconsistencies and technical anomalies rather than specific phrases.

I realize this is more difficult than it sounds, but we do have a couple of papers that include some tips and tricks (“A Pretty Kettle of Phish” and “Phish Phodder”). Bear in mind, though, that it’s not unusual for scammers to try to twist such advice in such a way that they can build it into a new social engineering technique.

David Harley
Director of Malware Intelligence

Author David Harley, ESET
