BB&T Bank Impersonation Scam Targets MS Office Emails
A new bank phishing scam is under way, with cybercriminals sending phishing emails to unsuspecting online banking customers. The intention is to harvest BB&T bank login credentials and account information, with the ultimate goal of stealing money from the victims.
“Cybercriminals are increasing their efforts in an especially vulnerable time to access liquid funds from victims’ accounts,” says the report from cyber security researchers at Abnormal Security.
This scam uses a convincing phishing email and spoofed webpage to fool victims into handing over their online login information. The spoofed web page adds credibility by prompting the user to verify that they are not a robot by entering a few numbers shown on the login page. This is a familiar authentication measure for anyone who uses online accounts.
In this banking impersonation scam, the attackers send an email to targets impersonating BB&T bank. Messaging in the phishing email informs the target that there have been too many login attempts to their online banking account and that they’ve been locked out for security reasons.
“The redirect URL is hosted on ‘mongolian-appraisal[.]000webhostapp[.]com’ but the domain from the embedded link before the first redirect ‘ht[.]ly/rSgN30rqCSq’ is registered to the Libyan Spider Network (int),” says the report.
The victim is prompted to enter their username and password. If the victim follows the instructions on the page, their login information is captured by the cybercriminals, who can use it to transfer money out of the victim’s bank account.
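The link pattern described above (a shortener in front of a free-hosting page, with neither host belonging to the bank) can be checked mechanically on the mail-filtering side. The following Python is an added example, not code from the report; the official domain `bbt.com`, the list contents beyond the two hosts quoted above, and the sample email are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the bank's legitimate domain (not stated in the report).
BRAND_DOMAINS = {"bbt.com"}
# Hosts taken from the report's defanged indicators.
SHORTENERS = {"ht.ly"}
FREE_HOSTING = {"000webhostapp.com"}

def refang(value):
    """Undo defanging ([.] and hxxp) in memory so the host can be parsed."""
    return value.replace("[.]", ".").replace("hxxp", "http")

def under(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def score_link(url):
    """Reasons a link is suspicious in a message that claims to be the bank."""
    url = refang(url)
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    if under(host, BRAND_DOMAINS):
        return []
    reasons = ["host-not-brand"]
    if under(host, SHORTENERS):
        reasons.append("url-shortener")
    if under(host, FREE_HOSTING):
        reasons.append("free-hosting")
    return reasons

class LinkCollector(HTMLParser):
    """Collects href values from anchor tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def review_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: score_link(href) for href in parser.links}

# Constructed sample body; the link is kept defanged and is never fetched.
SAMPLE_EMAIL = ('<p>Too many login attempts. <a href="hxxp://ht[.]ly/rSgN30rqCSq">'
                'Unlock your account</a></p><a href="https://www.bbt.com/privacy">Privacy</a>')
```

The check only parses hostnames and never follows a redirect, so it can run on quarantined mail without touching the attacker's infrastructure.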
Think Before You React
Like many email phishing scams and fraudulent websites, the messaging invokes fear to get the victim to act without thinking. The reader is tricked into thinking that there have been a number of fraudulent login attempts to their online bank and scared that someone is trying to steal money.
1. When prompted to respond to a customer service email – such as a request to reset login credentials, verify an order, or respond to a shipping notification – always go to the vendor’s official website.
2. Protect your login information with a password keeper to help you create strong passwords that are unique for each online account.
3. Never re-use the same password on more than one online account.
4. Never click on links in emails even if you think you know the sender. Emails can be easily faked by cybercriminals.