Bank Impersonated in Credit Card Phishing Scam

April 10, 2020

Cybercriminals are leveraging the uncertainty around the spread of COVID-19 as everyone focuses more on safety and security during these times. As markets crash, the attacker knows that people will look to protect their financial assets, and thus be vulnerable to attacks claiming to secure their bank accounts.

In this attack, attackers impersonate a major credit card provider and attempt to deceive victims into divulging their login credentials by sending COVID-19-themed emails that direct recipients to convincing landing pages.

Summary of Attack Target

  • Platform: Office 365
  • Email Gateway: Proofpoint
  • Victims: Employees
  • Payload: Malicious Link
  • Technique: Impersonation and Email Spoofing

Overview of the Credit Card Phishing Attack

In this attack, the threat actor crafted a convincing email and landing page that appeared to come from a major credit card provider. The email masquerades as an important notification asking recipients to secure their bank accounts during this difficult time.

While the email contains several spelling errors and doesn't include the bank name, the attackers are relying on the pandemic to add fear to the situation. When clicking on the link, the phishing page is hidden behind a redirect which hides the true URL of the page, which attackers likely control and will use to steal the victim’s bank login credentials.

Should recipients fall victim to this attack, their bank account, credit card information, and other personal details stored on the bank’s website will be at risk.

Why This Credit Card Phishing Attack is Effective

The email and landing page that the attacker created were convincing and while the email contained some errors, the landing page nearly replicates the true credit card provider's landing page. Recipients would be hard-pressed to understand that this was, in fact, a site designed specifically to steal their credentials.

In addition, the URLs were wrapped with redirect links so the user would be unable to tell if the links redirected to the authentic credit card provider's webpage. Attackers likely expected that recipients would be too convinced by the landing page they created to double-check that the URL was valid.

Abnormal stopped this attack due to a variety of factors, including the unusual sender domain, which does not typically send on behalf of this brand. In addition, the abnormal email signoff and the suspicious link were key indicators that the email was malicious and allowed Abnormal to block it before it hit inboxes.

Learn more about how Abnormal blocks credit card phishing and other brand impersonation attacks by requesting a demo today.

Previous
Blog orange purple building
The work landscape is changing as employees move to working remotely because of COVID-19 shelter-in-place orders. As a result, people are switching from in-person meetings to online video conferencing software such as Zoom. In this attack, attackers pose as a...
Read More

Related Posts

Blog hiring cybersecurity leaders
As with every equation, there are always two sides and while it can be easy to blame users when they fall victim to scams and attacks, we also need to examine how we build and staff security teams.
Read More
Cover automated ato
With an increase in threat actor attention toward compromising accounts, Abnormal is focused on protecting our customers from this potentially high-profile threat. We are pleased to announce that our new Automated Account Takeover (ATO) Remediation functionality is available.
Read More
Email spoofing cover
Email spoofing is a common form of phishing attack designed to make the recipient believe that the message originates from a trusted source. A spoofed email is more than just a nuisance—it’s a malicious communication that poses a significant security threat.
Read More
Cover cybersecurity month kickoff
It’s time to turn the page on the calendar, and we are finally in October—the one month of the year when the spooky becomes reality. October is a unique juncture in the year as most companies are making the mad dash to year-end...
Read More
Ices announcement cover
Abnormal ICES offers all-in-one email security, delivering a precise approach to combat the full spectrum of email-borne threats. Powered by behavioral AI technology and deeply integrated with Microsoft 365...
Read More
Account takeover cover
Account takeovers are one of the biggest threats facing organizations of all sizes. They happen when cybercriminals gain legitimate login credentials and then use those credentials to send more attacks, acting like the person...
Read More
Blog podcast green cover
Many companies aspire to be customer-centric, but few find a way to operationalize customer-centricity into their team’s culture. As a 3x SaaS startup founder, most recently at Orum, and a veteran of Facebook and Palantir, Ayush Sood...
Read More
Blog attack atlassian cover
Credential phishing links are most commonly sent by email, and they typically lead to a website that is designed to look like common applications—most notably Microsoft Office 365, Google, Amazon, or other well-known...
Read More
Blog podcast purple cover
Working at hyper-growth startups usually means that unreasonable expectations will be thrust on individuals and teams. Demanding timelines, goals, and expectations can lead to high pressure, stress, accountability, and ultimately, extraordinary growth and achievements.
Read More
Blog yellow skyline
No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside. Threat actors know this, and they’re taking advantage of human emotions.
Read More
Blog rising building
There is little doubt that business email compromise and other advanced email threats are causing significant damage–both financial and reputational—to organizations worldwide. Because these never-before-seen attacks contain few indicators of compromise, they evade secure email gateways and other traditional email infrastructure...
Read More
Blog purple person outline
Identity theft is not a joke, impacting more than 14 million people each year in the United States alone. Over the course of their lifetime, nearly one-third of all people will become victims of identity theft—often as a result of a corporate data breach. Once attackers have access to identifying information like your full name, address, date of birth, and/or social security number...
Read More