LONDON—Banks and financial institutions around the world are being targeted by a new email phishing campaign that uses an unusual technique as part of its attacks.
The phishing emails come with server-parsed HTML (SHTML) file attachments that are typically used by web servers. If users open the attachments, they're immediately redirected to a malicious site requesting sensitive information, which if entered, falls directly into the hands of cybercriminals – who are believed to be working out of the U.K., ZDNet reported.
Uncovered by threat researchers at cybersecurity company Mimecast, over half of the malicious emails have been sent to targets in the U.K., with significant numbers also sent to potential victims in Australia and South Africa. A small number of attacks have targeted inboxes of users in the rest of the world, ZDNet said.
“Banking and finance is the main target of the attacks – although the emails sent to Australia appear to be mainly focused on the higher education sector. However, one thing all the victims have in common is how they sit on vast amounts of login credentials, personal data and financial information, all of which could be very useful – and potentially very lucrative – for hackers,” ZDNet said.
Goal to ‘Shock’ Victims
The campaign started in early April and distribution comes via a typical attack format – simple emails claiming to be a receipt from a payment, which in this case is for thousands of pounds.
“The high value is likely to be a ploy to shock victims into clicking on the attachment and providing their credentials to see what the unexpected payment is for,” ZDNet said.