Thanksgiving Phishing Campaign Delivers Banking Trojan
In October and November 2018, a spam campaign circulated that delivered the Emotet banking trojan disguised as a Thanksgiving e-card. The email, which carried a cheerful holiday greeting, appeared to contain a Word Doc attachment; when opened, the attachment was actually an XML file, and the infection it triggered let sensitive financial data be stolen and transmitted to the attackers. By disguising the virus as a Word Document attachment, the email was able to evade typical spam and malware filters.
When victims opened their supposed holiday message, they were actually downloading a Command Prompt (CMD) shell that included a PowerShell command. Once executed, the command delivered Emotet, a banking trojan that steals sensitive information from emails and web browser forms. To keep infecting more machines, the malware then used the victim’s own email account to send the virus on to further addresses.
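The detail above that matters to a mail gateway is that the attachment was named like a Word document but was really an XML file. The following Python example, added here and not part of the original article or IDMI.Net's own tooling, inspects an attachment's leading bytes instead of trusting its file name and flags the mismatch so the message can be quarantined. The sample attachments, the attachment names and the `assess_attachment` / `sniff_content_type` helper names are constructed for illustration; the OLE and ZIP signatures and the Word 2003 XML `mso-application` processing instruction are real format markers.

```python
"""Attachment content check: does the file body match the extension it claims?

Added example, not code from the original article.  Sample attachments below
are constructed for illustration only.
"""
import io
import re
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc (OLE compound file)
ZIP_MAGIC = b"PK\x03\x04"                         # .docx/.docm are ZIP containers

# What a given Word extension should actually contain.
EXPECTED_BY_EXT = {"doc": "ole-doc", "dot": "ole-doc", "docx": "docx", "docm": "docx"}


def sniff_content_type(data: bytes) -> str:
    """Classify an attachment by its content rather than its name."""
    if data.startswith(OLE_MAGIC):
        return "ole-doc"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if "word/document.xml" in zf.namelist():
                    return "docx"
        except zipfile.BadZipFile:
            pass
        return "zip"
    # Skip a UTF-8 BOM and leading whitespace before looking for XML markup.
    stripped = data.lstrip(b"\xef\xbb\xbf \t\r\n")
    if stripped.startswith(b"<?xml") or stripped.startswith(b"<"):
        return "xml"
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict plus the reasons, for logging at the mail gateway."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_content_type(data)
    reasons = []
    expected = EXPECTED_BY_EXT.get(ext)
    if expected is not None and actual != expected:
        reasons.append(f"extension .{ext} but content is {actual}")
    if actual == "xml":
        # Word 2003 XML files announce themselves with this processing instruction.
        if re.search(rb'<\?mso-application\s+progid="Word\.Document"', data):
            reasons.append("Word 2003 XML document (mso-application PI)")
        # w:binData carries embedded binary payloads inside a Word XML file.
        if b"<w:binData" in data:
            reasons.append("embedded binary data (w:binData) in XML document")
    return {
        "filename": filename,
        "actual_type": actual,
        "verdict": "quarantine" if reasons else "allow",
        "reasons": reasons,
    }


def _build_minimal_docx() -> bytes:
    """Constructed sample: a real ZIP container with a word/document.xml entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


# Constructed sample attachments (not real campaign artifacts).
SAMPLES = {
    "Thanksgiving_ecard.doc": (
        b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
        b'<?mso-application progid="Word.Document"?>\n'
        b'<w:wordDocument xmlns:w="http://schemas.microsoft.com/office/word/2003/wordml">'
        b'<w:binData w:name="editdata.mso">AAAA</w:binData>'
        b"<w:body><w:p><w:r><w:t>Happy Thanksgiving!</w:t></w:r></w:p></w:body>"
        b"</w:wordDocument>"
    ),
    "invoice.doc": OLE_MAGIC + b"\x00" * 24,
    "notes.docx": _build_minimal_docx(),
}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        result = assess_attachment(name, body)
        print(f"{name}: {result['verdict']} ({result['actual_type']}) {result['reasons']}")
```

The check is deliberately narrow: it blocks on a name/content mismatch for Word extensions and flags XML bodies that declare themselves Word documents, which lets a gateway quarantine the disguised e-card while still allowing genuine binary .doc and .docx attachments through.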
Holiday phishing scams
The holidays are a popular time for phishing scams, as consumers are in a hurry to accomplish everything on their list. Between Thanksgiving and New Year’s 2017 there was a 22 percent spike in online fraud attempts.
A Thanksgiving e-card is just one example of how fraudsters steal sensitive information. The Emotet virus is often sent as an email attachment, such as a PDF or Word Doc, made to look like any of the standard attachments people expect, for example an invoice or a receipt. Popular holiday scams also include fake advertisements for seemingly amazing sales, and contests that promise a grand prize while collecting personal information. Another common scam is a fake charity that collects financial information by taking advantage of holiday kindness.
How to stay protected
IDMI.Net was made aware of the Thanksgiving attack soon after it began, and as a result immediately blocked any email sending a Word Document as an attachment. This strategy allowed us to ensure our clients weren’t affected; organizations and consumers were left unprotected when relying solely on a spam filtering service, most of which did not catch the malware. We were ultimately able to stop a large amount of malicious traffic, and likely prevented dozens of accounts from being stolen.
Organizations should take extra care to monitor their networks during the holiday season. Spikes in server hits could indicate a bad actor trying to reach your systems. Using threat intelligence can help defend against spam campaigns like the Thanksgiving e-card.
IDMI.Net is your partner in online security and will provide you with the support you need to keep your clients safe all year long. Contact us today for more information about how we can work together to protect your clients.