Merrimack Valley Voice
  • Home
  • About Us
  • Breaking News
  • Online Paper
  • Concord, NH Restaurants
    • Penacook
    • Boscawen and surrounding towns
  • Attractions -= Concord, NH
  • Calendar
  • Rate Card
  • Links
  • Random Things
Picture

Picture

Belknap Subaru ad

New Email Scam

1/23/2020

 
A new email scam that goes after your banking information looks so legit it could fool you.
The scam pretends to be Citibank replete with an authentic-looking website, according to cybersecurity news site BleepingComputer, which credits MalwareHunterTeam as the organization that discovered the scam.
The fake Citibank domain, or website address, is a convincing fake: "update-citi .com." That's a big first step in potentially fooling Citibank customers since scams often use domain addresses that are easily identifiable as fake.
The scam also uses a so-called Transport Layer Security (TLS) certificate and other security measures that “could easily cause people to believe they are submitting their personal information on a legitimate page,” according to BleepingComputer.
Security certificates lend additional credibility to the scam because they imply authenticity.
Here’s how the scam works: after a Citibank customer is fooled into entering their login information, they are shown forms that request personal information. That includes name, date of birth, address, the last four digits of their social security number, their debit card number and other card information that is typically requested like security codes, according to BleepingComputer.
“It is believed, but not confirmed, that during this period the phishing page will attempt to login to Citibank using the credentials provided by the victim,” the cybersecurity news site said.
“The tool is very easy to set up for any attack and that’s what makes it quite dangerous,” Pratik Savla, senior security engineer at cybersecurity firm Venafi, told Fox News. Often the bad guys will set up a typosquatted domain, such as www.yahooo.com, with an extra “o.” The customer then gets an email inviting them to the site. If the user falls for the bait, all requests to the phishing site can be sent back to the valid site.
“Additionally, all pages shown to the user can originate from the valid site. This tricks the user into entering both their primary and OTP [one-time password] credentials. Once done, the attacker can then hijack the session, getting access to the user’s info,” Savla said, referring to a one-time code sent to a cell phone for verification.
The unfortunate fact is many users are so distracted that it makes scams like this that much easier to pull off.
“Many users access their email and bank accounts on mobile devices, while multi-tasking (unfortunately for example, while driving), and this makes it harder to spot phishing sites,” Colin Bastable, CEO of security awareness & training company Lucy Security, told Fox News.
(All credit goes to Fox News for this warning)

Comments are closed.

    Breaking News

    Picture

    Picture
    Merrimack Valley Voice Recommended

    Appalachian Gear Company ad

    Archives

    February 2023
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    January 2019
    November 2018
    October 2018
    September 2018
    August 2018
    April 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    May 2017
    March 2017
    January 2017
    December 2016
    September 2016
    August 2016
    July 2016
    May 2016
    April 2016
    January 2016
    September 2015
    June 2015
    May 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    August 2014
    July 2014
    June 2014
    May 2014

    RSS Feed

Copyright © 2020  MV Voice
​603.568.0428
  • Home
  • About Us
  • Breaking News
  • Online Paper
  • Concord, NH Restaurants
    • Penacook
    • Boscawen and surrounding towns
  • Attractions -= Concord, NH
  • Calendar
  • Rate Card
  • Links
  • Random Things