Cybercriminals Are Creating Fake Banking Websites That Look Like the Real Deal
The Trickbot banking trojan is sending its victims to fake bank websites that are identical to the victims’ real bank sites. Learn how this malware works and how to avoid becoming its next victim.
Banking trojans have been around for years. If your computer is infected, the trojan waits until you visit your online banking website. When you do, it redirects you to a malicious website that looks like your bank’s site. If you enter your banking credentials into this fake site, they then fall into a cybercriminal’s hands.
In the past, you could usually spot a fake banking site by looking at its URL. The fake site would not have the same URL as your real bank’s web address. Plus, the fake site’s URL will usually start with "http" rather than "https". The missing "s" indicates the site does not have a Secure Sockets Layer (SSL) certificate. All legitimate banking sites use SSL or TSL to secure their Internet connections. Unfortunately looking for these clues may no longer work. In July 2017, cybercriminals started using a Trickbot trojan variant that sends recipients to a fake banking site that looks exactly like the real deal. The fake site even displays the real bank’s URL and SSL certificate.
How Trickbot Might Get on Your Computer
Phishing emails are being used to infect computers with Trickbot. According to theFlashpoint researchers tracking Trickbot , cybercriminals are using a spamming botnet to send out a massive number of these emails in 17 countries, including the United States, United Kingdom, and Canada. The phishing emails try to get the recipients to open an email attachment containing the Trickbot trojan.
The type of attachment and the pretense used to trick people into opening it varies. For instance,in one campaign , the emails were supposedly from the UK-based Lloyds Bank. Recipients were told to review and sign an attached Microsoft Excel file. To sign it, they had to enable the embedded macro, which initiated a process that loaded Trickbot onto their computers.
How to Avoid Becoming a Victim
Although it might be nearly impossible to distinguish between a real banking website and a doppelganger site created by the Trickbot trojan, you can avoid becoming a victim of this scam. All you need is a healthy dose of skepticism and a little knowledge on how to spot phishing emails. An email might be a phishing attack if it contains one or more of these elements:
Download our Guide to Recognizing Phishing Emails and feel free to post and distribute. A little knowledge can help prevent security breaches.
Still have questions? Contact your PC Corp Account Manager or ServiceDesk at firstname.lastname@example.org.