chat
expand_more

Bank Impersonated in Credit Card Phishing Scam

April 10, 2020

Cybercriminals are leveraging the uncertainty around the spread of COVID-19 as everyone focuses more on safety and security during these times. As markets crash, the attacker knows that people will look to protect their financial assets, and thus be vulnerable to attacks claiming to secure their bank accounts.

In this attack, attackers impersonate a major credit card provider and attempt to deceive victims into divulging their login credentials by sending COVID-19-themed emails that direct recipients to convincing landing pages.

Summary of Attack Target

  • Platform: Office 365
  • Email Gateway: Proofpoint
  • Victims: Employees
  • Payload: Malicious Link
  • Technique: Impersonation and Email Spoofing

Overview of the Credit Card Phishing Attack

In this attack, the threat actor crafted a convincing email and landing page that appeared to come from a major credit card provider. The email masquerades as an important notification asking recipients to secure their bank accounts during this difficult time.

Credit card phishing attempt
The phishing email impersonating a major credit card company

While the email contains several spelling errors and doesn't include the bank name, the attackers are relying on the pandemic to add fear to the situation. When clicking on the link, the phishing page is hidden behind a redirect which hides the true URL of the page, which attackers likely control and will use to steal the victim’s bank login credentials.

Should recipients fall victim to this attack, their bank account, credit card information, and other personal details stored on the bank’s website will be at risk.

Why This Credit Card Phishing Attack is Effective

The email and landing page that the attacker created were convincing and while the email contained some errors, the landing page nearly replicates the true credit card provider's landing page. Recipients would be hard-pressed to understand that this was, in fact, a site designed specifically to steal their credentials.

In addition, the URLs were wrapped with redirect links so the user would be unable to tell if the links redirected to the authentic credit card provider's webpage. Attackers likely expected that recipients would be too convinced by the landing page they created to double-check that the URL was valid.

Abnormal Security detecting phishing email
Abnormal Security detecting the phishing email

Abnormal stopped this attack due to a variety of factors, including the unusual sender domain, which does not typically send on behalf of this brand. In addition, the abnormal email signoff and the suspicious link were key indicators that the email was malicious and allowed Abnormal to block it before it hit inboxes.

Learn more about how Abnormal blocks credit card phishing and other brand impersonation attacks by requesting a demo today.

Bank Impersonated in Credit Card Phishing Scam

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More
B 1 30 23 Microsoft ATO
A recent nation-state actor attack by the Russian-backed threat group Midnight Blizzard infiltrated Microsoft. Discover how Abnormal can protect you from account takeovers in real time.
Read More