Personal financial information is always highly private, so if this is compromised it’s a real invasion of privacy. Sadly, US banks are now under attack from malware.
Driven by the infamous Necurs hacking botnet, Trickbot is a form of malware that is currently carrying out sustained spam campaigns against US banks. It’s a cyber-attack which has been targeting financial organizations for around a year now, but it’s only recently that these attacks have been focusing on US banks.
Now, the majority of adults in the US use online banking services, so this is the kind of attack which needs to be brought to the attention of the masses. And, not only is there a security lesson for consumers to be found within this attack, but there’s also plenty for organizations to learn about good security practices.
Trickbot utilizes, as its name suggests, trickery to achieve its nefarious needs and, in particular, it embraces a redirection scheme. Usually, when you’re transferred from one webpage to another then you can clearly see that the URL changes in your browser to demonstrate where you’re heading to. However, when being redirected by malware, the victim is first sent to an alternate website on a completely different server. As a live connection is kept with the intended website – in this instance an online banking service – this remains displayed with the user’s browser.
Trickbot, however, is not a new, unique threat and Flashpoint believes that Trickbot is related to the Dyre banking Trojan which was last active in 2015. The build of both Trickbot and Dyre, so it would appear that either source code is being recycled or members of the same team are involved.
How to Beat Trickbot
The key to beating Trickbot and not falling victim to its trickery is by simply verifying the emails in your inbox. And the most important checks to make are:
- Do you recognize the sender of the email? If it’s an unusual or unknown sender name then just ignore it and, if it comes complete with an attachment, definitely ignore it.
- What is the email asking for? Financial organizations, for example, will never email you to request sensitive data or to head online and enter this data into websites.
- Are there any links in the email? If they have an unusual address you don’t recognize then don’t click on them as they could be sending you anywhere. And, even if the link reads as a genuine URL, this could still be disguising an alternate URL – hover over the link with your mouse to reveal the true direction of the link.
For more ways to secure and optimize your business technology, contact your local IT professionals.