The Latest in IT Security

Beware of Federal Reserve emails

28
May
2011

In the past few days we have received many emails from “the Federal Reserve”:

Since they are not legitimate we have been cataloging them on phishingemails.com.

However, they are not your typical phishing scam. Sure it is a lure, but the bad guys are not here to gently ask you to fill in a form to steal your credentials. They are choosing the brute-force method:

Clicking on the link triggers a series of exploits:

You can see how it works its way:

From Outlook’s email, to Internet Explorer (click on the link) to a Microsoft Help Center exploit…

The bad guys are using a URL shortener and then off we go to exploit land:

That way you end up with a Trojan on your PC, and maybe a couple of fake AVs…

Thankfully my phishing trap is a VM image I can reset easily…

Jerome Segura

Related posts:
  1. Email Threats Highlights: EFTPS, BBB and Federal Reserve Spam
  2. Stay away from the phishing emails claiming to be from Reserve Bank of India.
  3. Apple Store billing phishing – beware bogus emails!
  4. O2 phishing emails pose as network disruption apology
  5. Beware of Emails Asking You to ‘Confirm your account on Facebook’

Tags:  
Written by Malware Diaries
0 Comments

Leave a reply


Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments