Our engineers have reported a Trojan virus that’s floating around that’s utilizing a new phishing tactic that’s worthy of passing along to you. Internet crooks and scammers are extremely active this time of year due to the massive number of online shopping transactions and they’re constantly coming up with ways to steal your financial information. Here’s how this particular scenario unfolds:
- If your antivirus protection application is out of date, antivirus definitions are out of date, or the antivirus vendor has not included protections against this virus and\or its variants in their most recent definitions release, your machine may be infected by a Trojan virus that allows for this exploit.
- You browse to your bank account (this virus is applicable to most major banks). You put in your username and password and everything appears to work as usual.
- If your machine is infected with this virus, the screen may spin for a few seconds or go white for a short period of time, the URL stays the same (your address bar gives the appearance that you’re still on yourbank.com) then suddenly, a box comes up saying your account has had some strange activity and they are forcing you to verify who you are. The page prompts you for personal financial information such as your debit card number, expiration, 3 digit code, PIN or other security questions. If you were to enter these and click next, it would say ‘thank you’ and take you to the screen for your bank like nothing ever happened when in reality, you just sent all of the personal financial information that you just entered to the bad guys.
This is a sophisticated scam called a “man-in-the-middle” attack. The technical trickery that is happening in the background is re-routing of DNS over SSL AFTER you type in your pertinent log-in details, which then attempts to phish you for your credit card information.
Please remain diligent when faced with these crafty methods thieves utilize to phish for your personal financial information. Asking for your personal financial information should always raise a red flag as legitimate financial institutions do not ask for your account numbers, credit\debit card numbers, PIN or Social Security Number to verify your identity.