Attack is reportedly the work of a security firm, testing defenses of American financial institutions

Over the past few weeks, many small banks and credit unions across the country began to receive packages purporting to be from the National Credit Union Administration, an organization that oversees many of America's small financial institutions.  The letter warned the readers to beware of phishing attacks and to peruse two included CDs of training material.

If you haven't guessed it by now, the two CDs were actually packed full of malware, and the letter wasn't really from the NCUA. Reportedly (according to the SANS Internet Storm Center), the packages were sent by MicroSolved as part of an authorized security test.

Nonetheless, the NCUA has responded, issuing a warning.  The NCUA states, "A federally insured credit union has reported receiving a bogus Letter to Credit Unions, accompanied by two compact discs (CDs). The subject of the fraudulent letter itself is a purported NCUA FRAUD Alert. The letter advises credit unions to review training material (contained on the CDs). DOING SO COULD RESULT IN A POSSIBLE SECURITY BREACH TO YOUR COMPUTER SYSTEM, OR HAVE OTHER ADVERSE CONSEQUENCES."

The letter that comes in the packages bears many hallmarks of a phishing scheme, including typos and grammatical errors. An excerpt from it:

The NCUA has warned numerous times 1 about "phishing" scams in which crooks send e-mails claiming to be from legitimate financial institutions, companies or government agencies asking consumers to "re-submit" or "verify" confidential information such as bank accounts, Social Security Numbers, passwords, and personal identification numbers...
Please read the included document, as it contains important training and informational material regarding the risks of fraud...

While it appears the campaign may only be a test, it demonstrates an attack route that, though much talked about, has not been executed in some time. Given the poor judgment that many users seem to show when it comes to security, the attack may experience great success.

Copyright 2017 DailyTech LLC.