Tuesday, December 18, 2012

Citibank Spam Luring Users into Drive-by-Download Attacks

CitibankLook before you click; that email notifying you that your next Citibank credit card statement is ready could be a trap.

Cybercriminals have been shelling out Citibank spam in an attempt to direct users to malicious sites hosting the Blackhole exploit kit.

The spammers took the time to make sure that the emails, titled “Your Citi Credit Card statement is ready to view online” appear as if they really came from Citibank, and there’s a good chance the recipient will want to follow the ‘View Statement’ link once they see the negative card balance and large payment allegedly due on January 1st.

Here’s the email you will want to look out for:

"Your Citi Credit Card statement is ready to view onlnie" spam

Screenshot Credit: Softpedia



Subject: Your Citi Credit Card statement is ready to view online

Your Account Important Notification
Your Citi Credit Card statement is ready to view online

» View Statement

Dear customer,

Your Citi Credit Card statement is now available for you to view online. Here are some key pieces of information from your statement.

Statement Date: December 13th, 2012
Statement Balance: -$4,476.63
Minimum Payment Date: $662.00
Payment Due Date: Tue, January 01, 2013

Want help remembering your payment due date? Sign up for automated alerts such as Payment Due reminders with Alerting Service.

To set up alerts sign on www.citicards.com and go to Account Profile.

I prefer not to have this email contain specific information from my statement. Please send me just the announcement that my statement is ready to view online.

View Your Account | Pay Your Bill | Contact Us

One thing interesting about this attack is that there are different outcomes depending on which web browser you are using.

If you visit the site using Chrome, you will be prompted to download a malicious Chrome update. Visitors using any other browser run the risk of having malware silently installed on their system thanks to whatever Adobe Flash or Java vulnerability that the Blackhole exploit pack manages to take advantage of.

The difference in attack methods stems from the fact that Chrome doesn’t use Adobe Reader to open PDF files & asks for permission to run Java applets. Blackhole often relies on Adobe Reader & Java vulnerabilities to conduct drive-by-download attacks.

How to Protect Your PC


Here are some simple steps you can take to avoid falling for this phishing scam:

  • Always mouseover links within unsolicited emails to check the destination URL before clicking on them.

  • Keep your operating system, web browser and any other installed third-party software to help thwart drive-by-download attacks.

  • Always run antivirus software and keep the virus definitions current.

  • Consider disabling or removing Java if you do not use it.


Report Phishing Emails


If you do receive a suspicious email from Citibank, you can report it by forwarding it to spoof@citicorp.com.

[via Softpedia]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment