Phish for Thanksgiving?

Over the previous few days, our research team here at GFI has noticed an uptick in bank phishes winding up in a few of our spam traps. This particular scam is unique in that it comes with an html file attachment which leads to a form that attempts to steal from the unsuspecting victim all types of identifying information from the standard pin and password to their Driver’s License number and even a (fake) description of the last transaction made on the account.

As of this posting, we have seen e-mails targeting Bank of America and SunTrust customers and surely more will follow.

As always, please be wary of e-mails from financial institutions asking for identifying information. When in doubt, call the official phone number listed on the back of your credit card or the known customer service line for your bank.

So, while "fish" was likely a staple eaten during the days of the pilgrams, we here in the lab are going to stick to good ol' turkey this year.

Stay safe,

Robert Stetson
Malware Research Team