If you are a regular reader of The Defence Works Breaking Scams series, you’ll know that certain events make for regular scams. For example, when GDPR was looming, we saw phishing emails disguised as GDPR marketing emails. When Amazon had their Amazon Prime Day, we saw corresponding phishing emails made to look like an amazing offer for Prime members. You get the drift.
This week’s scam is an event scam. The event is the new regulation known as PSD2, which has been brought in to make financial transactions more secure. PSD2 has a requirement known as Strong Customer Authentication (SCA). In a nutshell, SCA means that a customer has to ‘authenticate’ themselves, using something like a code sent to a mobile device, when they make a purchase.
Oh, the irony then, that this week’s scam is another SCA phishing scam.
The SCA Phishing Scam Email
Santander seems to be the bank of choice for the SCA phishing scam fraudsters, as this is the second such phishing email of this type I’ve received.
The email is branded as Santander, under the guise of an informational email about the new SCA regulations.
The email is the usual phishing email using ‘fear’ as a nudge to get the recipient to click. The threat is that unless you click to sort out this new update, you will lose access to your account.
The email is composed of a single image. Click anywhere on the image and you will be taken to a website.
This type of tactic is used to capture accidental clicks. How many of us unwittingly click on the screen at any given time? Quite a few, I’d guess; it is so easy to do. Scammers rely on accidents as much as trickery.
This is especially true if the end result is you will be taken to an infected website, which is exactly what happens with our Santander scam email.
If the end result was a phishing site that required the recipient to enter personal details, the scammers may have to work harder. An accidental click, in that case, would likely have a lower rate of success as entering data requires some determination.
In this week’s scam, as you can see from the scan of the URL linked to the image, the site contains malware. The malware uses common techniques such as a ‘stack pivot’ to help infect your machine.
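A mail filter can flag the single-image layout described above, where the whole body is one clickable picture and there is almost no real text. The following Python check is an added example, not code from the original article; the function name, the 40-character text threshold and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

class BodyScan(HTMLParser):
    """Counts visible text and records each image with the link that wraps it."""
    def __init__(self):
        super().__init__()
        self.hrefs = []        # hrefs of the <a> elements currently open
        self.images = []       # (img src, wrapping href or None)
        self.text_chars = 0    # non-whitespace characters of visible text
        self.hidden = 0        # depth inside <style>/<script>/<title>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.hrefs.append(attrs.get("href") or None)
        elif tag == "img":
            self.images.append((attrs.get("src"), self.hrefs[-1] if self.hrefs else None))
        elif tag in ("style", "script", "title"):
            self.hidden += 1

    def handle_endtag(self, tag):
        if tag == "a" and self.hrefs:
            self.hrefs.pop()
        elif tag in ("style", "script", "title") and self.hidden:
            self.hidden -= 1

    def handle_data(self, data):
        if not self.hidden:
            self.text_chars += len("".join(data.split()))

def single_image_link(raw_email, max_text_chars=40):
    """Return the click target if the HTML body is one linked image, else None."""
    msg = message_from_string(raw_email, policy=default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:           # no HTML body, so the layout cannot apply
        return None
    scan = BodyScan()
    scan.feed(part.get_content())
    if len(scan.images) == 1 and scan.images[0][1] and scan.text_chars <= max_text_chars:
        return scan.images[0][1]
    return None

# Constructed sample message (not the email from the article).
SAMPLE = ("Subject: Important update\nContent-Type: text/html; charset=utf-8\n\n"
          '<a href="http://landing.example/update">'
          '<img src="http://img.example/notice.png" alt=""></a>\n')
print(single_image_link(SAMPLE))
```

A match is a reason to quarantine or warn rather than proof of phishing, since some legitimate marketing mail is also image-only.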
What Happens if You Go to a Malware Infected Website?
It is very easy to accidentally click on a link that then takes you to a malware-infected website. To avoid infection:
- Ensure that you are running the latest security patches on your computers
- Regularly run anti-malware software that is up to date
- Use security awareness training with all employees to reduce the risk of any accidental or non-accidental clicking of links in suspicious emails
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:
Yet Another Santander Security Scam
A new EU regulation brought in on the 14th of September has prompted a rush of copycat scam emails. The emails are often spoofed bank communications that threaten to close a bank account unless it is updated.
DO NOT CLICK ANYWHERE IN THESE EMAILS
For more information on what to do if you receive a phishing email, check out “What to Do if You Click on a Phishing Link?”