Beware of This Bank Email Phishing Scam

BB&T Bank Impersonation Scam Targets MS Office Emails

Note: We are reader supported and may earn a small commission when you click on links in posts

 A new bank phishing scam is ongoing with cybercriminals sending email phishing scams to unsuspecting online banking customers. The intention is to harvest BB&T bank login credentials and account information with the ultimate goal of stealing money from the victims.

“Cybercriminals are increasing their efforts in an especially vulnerable time to access liquid funds from victims’ accounts,” says the report from cyber security researchers at Abnormal Security.

This scam uses a convincing phishing email and spoofed webpage to fool victims into handing over their online login information. the spoof web page adds credibility by prompting the user to verify that they are not a robot by asking them to enter in a few numbers shown on the login page screen. This is a familiar authentication measure for anyone who uses online accounts.

•  READ Amazon Gift Card Scam Steals Bank Accounts

In this banking impersonation scam, the attackers send an email to targets impersonating BB&T bank. Messaging in the phishing email informs the target that there have been too many login attempts to their online banking account and that they’ve been locked out for security reasons.

The bank phishing email contains a link to regain access to the account. If the victim is fooled and clicks on the link, they are redirected to a spoofed BB&T Bank webpage. The fraudulent web page is branded to look like a real BB&T online banking page. It includes branding and navigation and even some supposed security measures.

• READ Office 365 Phishing Scam Targets Wells Fargo Bank Customers

 “The redirect URL is hosted on “mongolian-appraisal[.]000webhostapp[.]com” but the domain from the embedded link before the first redirect “ht[.]ly/rSgN30rqCSq” is registered to the Libyan Spider Network (int),” says the report

The victim is prompted to enter in their username and password. If the victim follows the instructions on the page, their login information is scammed by the cybercriminals who can use it to transfer money out of the victim’s bank account.

• READ Amazon Gift Card Scam Steals Bank Accounts

 Think Before You React

Like many email phishing scams and fraudulent websites, the messaging invokes fear to get the victim to act without thinking. The reader is tricked into thinking that there have been a number of fraudulent login attempts to their online bank and scared that someone is trying to steal money.

1.      When prompted to respond to a customer service email – like reset login credentials verify in order or respond to a shipping notification – always go to the vendor’s official website.

2.      Protect your login information with a password keeper to help you create strong passwords that are unique for each online account

3.      Never re-use the same password on more than one online account

4.      Never click on links in emails even if you think you know the sender. Emails can be easily faked by cybercriminals.