Yesterday on our blog, avast! Virus Lab researcher Jaromir Horejsi, explained a banking Trojan called Tinba. The cybercrooks behind Tinba use a social engineering technique called spearfishing to target its victims.
You have probably heard about email scams that use phishing. This classic technique uses authentic-looking emails to lure the victims to fake websites, then trick them into revealing personal information. Also this week, we told you about an email that AVAST evangelist, Bob G. received claiming that he won money in a World Cup lottery. The cybercrooks behind that scam cast a wide net, hoping to catch a few people then ask them to provide banking information so they could deliver the prize.
Other high profile phishing attempts, like the DHL email scam that ran last Christmas, preyed on the anxiety of the holidays. An email that looks like the real thing was sent, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data. It’s not hard to understand why busy people can be fooled.
Spearphishing is similar in every way except that the net is drawn in much tighter. The FBI says that cybercrooks target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The emails are seemingly sent from organizations or individuals the potential victims would normally get emails from, making them even more deceptive. This is what is happening with the Tinba Trojan right now in Czech Republic.
In both social engineering schemes, once the victim clicks, they are led to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.
How to avoid becoming a spear phishing victim
- Most companies, banks, agencies, etc., don’t request personal information via e-mail.
- If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well).
- Use a phishing filter. Both avast! Internet Security and avast! Premier include anti-spam filters to detect phishing and scam emails.
- Never follow a link to a secure site from an email; always enter the URL manually.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Tinba Trojan specifically targets bank customers with deceitful debt notice.
The Tinba Trojan is banking malware that uses a social engineering technique called spearfishing to target its victims. Recently, targets have been banking customers in Czech Republic, AVAST Software’s home country. Tinba, aka Tiny Banker or Tinybanker, was first reported in 2012 where it was active in Turkey. A whitepaper analyzing its functionality is available here (PDF). However, the spam campaigns against bank users in Czech Republic are still going on and have became more intensive. Here is an example of what Czech customers recently found in their email inbox.
VÝZVA K ÚHRADĚ DLUŽNÉHO PLNĚNÍ PŘED PROVEDENÍM EXEKUCE
Soudní exekutor Mgr. Bednář, Richard, Exekutorský úřad Praha-2, IČ 51736937, se sídlem Kateřinská 13, 184 00 Praha 2
pověřený provedením exekuce: č.j. 10 EXE 197/2014 -17, na základě exekučního titulu: Příkaz č.j. 077209/2014-567/Čen/G V.vyř.,
vás ve smyslu §46 odst. 6 z. č. 120/2001 Sb. (exekuční řád) v platném znění vyzývá k splnění označených povinností, které ukládá exekuční titul, jakož i povinnosti uhradit náklady na nařízení exekuce a odměnu soudního exekutora, stejně ták, jako zálohu na náklady exekuce a odměnu soudního exekutora:
Peněžitý nárok oprávněného včetně nákladu k dnešnímu dni: 9 027,00 Kč
Záloha na odměnu exekutora (peněžité plnění): 1 167,00 Kč včetně DPH 21%
Náklady exekuce paušálem: 4 616,00 Kč včetně DPH 21%
Pro splnění veškerých povinností je třeba uhradit na účet soudního exekutora (č.ú. 549410655/5000, variabilní symbol 82797754, ČSOB a.s.), ve lhůtě 15 dnů od
doručení této výzvy 14 810,00 Kč
Nebude-li uvedená částka uhrazena ve lhůtě 15 dnů od doručení této výzvy, bude i provedena exekuce majetku a/nebo zablokován bankovní účet povinného ve smyslu § 44a odst. 1 EŘ a podle § 47 odst. 4 EŘ. Až do okamžiku splnění povinnosti.
Příkaz k úhradě, vyrozumění o zahájení exekuce a vypučet povinnosti najdete v přiložených souborech.
Za správnost vyhotovení Alexey Mishkel
Bailiff [Academic title] [First name] [Last name], Distraint office Prague-2 ID: 51736937 at Katerinska 13, 184 00 Prague 2 was authorized to proceed the execution 10 EXE 197/2014 -17 based on execution Order 077209/2014-567/Cen/G according to §46 paragraph 4, 120/2001 law collection in valid form which impose you to pay these costs:
Debt amount: 9,027.00 CZK ($445.00)
Distraint reward: 1,167 including 21% TAX
Fixed costs: 4,616 CZK including 21% TAX
Total: 14,810 CZK ($730.00)
To bank account 549410655/5000, variable symbol 82797754, CSOB a.s.
For the correctness of the copy warrants Alexey Mishkel
Using the spearfishing social engineering tactic, the attackers attempt to scare their victims with a specially designed email message explaining that a debt exists which needs to be paid.
Famous people – movie stars, athletes, politicians - are the favorite subject matter of scammers. Using modern technologies and communications channels, scammers and social engineers come up with sophisticated methods to trick people and grab their attention. Social channels offer a perfect environment to create buzz, grab users’ interest with shocking content, and eventually make people share the scams themselves! Behind different types of scams stands different motivations; collecting likes (likes farms), spreading malware, or installing malicious applications that will steal your credentials. Whatever those motivations, the intentions of scammers ain’t for your benefit!
We monitor social media to pick up those dangerous scams, warn our community, and report it to our virus lab. There are plenty of users who still become victims of scammers. We are convinced that it is more efficient to avoid problems, than to fix them.
An ounce of prevention is worth a pound of cure ~ Benjamin Franklin
Let’s take a look at a few types of scams and patterns that will help us to recognize them ahead. STOP – THINK – AND DON’T CLICK (YET)
Celebrities are in the constant spotlight, followed not only by the paparazzi and tabloid magazines, but fans as well, observing every step they take. The more unusual and shocking the story is, the better it sells online. Is there any better way to attract humans’ attention than with sex? If you know of some, please let us know! Meanwhile, let’s learn how those scams work and mainly - how to recognize them!
- Rouge visuals, shocking copy, and very strong call to actions. If the status contains any of following: OMG, You must watch it, Look what she/he has done! NEVER click on this link!
- Message leads to a shortened URL, so you can not recognize the link that doesn’t lead to any well- known source (celebrity fan pages or blogs, entertainment websites)
- The hosting server is unknown source
Would you click on the video saying “OMG I can’t believe Rihanna did it with a…” Read more…
Yes! What a lucky day! I’ve just got a message that I won 2,000,000.00 British Pounds (2.4M EUR/3.1M USD), an Apple laptop, a T-shirt, and a cap emblazoned with a logo of The Free Lotto Company. Pretty awesome you might think, but appearances are deceptive. Unfortunately, this is just one of the ways bad guys try to get some of our money.
Well, I was thinking, it‘s worth a shot. So I decided to write to the email address and see what would happen. Actually, the hardest part was a making up a fake name for myself! You would never believe how rough this might be. In the end, I decided to call myself Robert Konmed.
Here’s how the conversation went down.
Me: Hello, I’ve got a winning message with information to contact your email address. How can I pick up my prize please? Thank you, Robert Konmed
Bad guys: Please find attached document for info to contact courier delivery company: EMAIL:firstname.lastname@example.org Regards Brian Calton
Me: Hello guys, I’m really excited about a winning prize. But would be possible to tell me how much I should prepare for a delivery company? And also I’m curious if there is possibility to charge delivery from my winning prize? Thank you & have a nice day! Best regards! Robert Konmed Read more…
Last few years can be called a “social networking era”. Just remember the rise ups (and depressions) of myspace.com, linked.in etc. These networks are now completely shadowed by FaceBook and Twitter. Even when myspace and similar networks are not that widespread today, they were at the beginning of all. It becomes more and more usual to identify a real ego with social network profile. That’s not too dangerous in its basis, but there’s a big problem – people completely loose a sense for their privacy on internet. This is not an attitude against social networks, it’s only a thought about dangerous habits appearing with the social networking phenomenon. The risk is not the existence of social networks, the risk is how people behave there.