Phisher lures Citi and BofA
An international phishing campaign was launched Thursday against roughly 2,700 bank domains — including Bank of America and Citibank, The Post has learned.
Cyber-thieves posed as employees of an Indiabased bank and hoped to get real employees at other banks to click on their bogus e-mail — a move that could have given the phishers remote access to the legitimate banks’ computers, according to one cybersecurity firm.
“Distribution was global. It’s not just targeted to the US,” Aaron Higbee, cofounder and chief technology officer of Cofense — the company that discovered the phishing campaign — told The Post.
The thieves are using a giant network of computers, known as a botnet, that usually sends out spam e-mails, Higbee said. The botnet, known as Necurs, began targeting employees via emails with bank domains starting Wednesday, he added.
The e-mails include a simple message and a Microsoft Publisher file that is, in fact, a Trojan horse virus that can give the thieves access to the computer of each employee clicking on the infected e-mail, Higbee said.
Other banks targeted include Standard Bank, Citi- zens Bank, Coldwell Banker, Bank of New York and Lloyds Bank, as well as regional banks like Bank of Texas and Bank of Kansas City, according to a list compiled by Cofense, a copy of which was obtained by The Post.
The hackers are also targeting lenders in parts of the globe as far-flung as China and Latvia, the list shows.
Higbee said it’s too early to judge how effective the campaign is, but customers should be wary about any last-minute changes to any wire transfers or deposits, as well as any e-mails from bankers that carry Microsoft Office attachments.
“Be very suspicious of any last-minute changes of wire transfer changes,” Higbee said.