The sophistication of phishing email has recently gone up another notch, with reports surfacing of a very convincing voice phishing (aka “vishing”) attempt.
TrendLabs was alerted to a phishing email disguised as, ironically, a warning against phishing attempts. The message is actually quite convincing: all of its links even lead to the corresponding legitimate target pages.
The catch in this facade is that the message also gives a phony phone number that the recipient has to call in order to reactivate their account, which supposedly has been placed “on hold”. Calling that number connects the recipient to a system that asks for their bank card number and PIN. After that, the rest, most especially the affected user’s funds, is history.
Below is a screenshot of the email message:
This phishing email follows in the footsteps of a similar attempt reported last week. While these developments are something to continually watch out for, users should be reminded that awareness and cautious browsing work like a charm against such attempts. As a rule, most financial institutions and organizations do not ask for one’s PIN or password to verify or reactivate an account.
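Because every link in the message described above is legitimate, a filter that only scores URLs will pass it; the phone number is the one field worth checking. The sketch below is an added example, not TrendLabs code, and it assumes a defender-maintained table of each institution's domains and published phone numbers (`KNOWN_BRANDS`, the `examplebank.example` domain, the phone numbers and both sample messages are constructed).

```python
import re
from urllib.parse import urlparse

# Assumption: defender-maintained table of link domains and published
# customer-service numbers per institution (constructed sample values).
KNOWN_BRANDS = {"examplebank": {"domains": {"examplebank.example"},
                                "phones": {"18005550100"}}}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URGENCY_RE = re.compile(r"on hold|reactivate|suspended", re.I)

# Constructed sample messages: same text, different callback number.
SAMPLE_PHISH = ("Beware of phishing. Your account has been placed on hold. "
                "Read https://www.examplebank.example/security/phishing "
                "and call 1-800-555-0199 to reactivate your account.")
SAMPLE_LEGIT = SAMPLE_PHISH.replace("1-800-555-0199", "1-800-555-0100")


def normalize_phone(raw):
    """Reduce a matched number to 11 digits with a leading country code 1."""
    digits = re.sub(r"\D", "", raw)
    return digits if len(digits) == 11 else "1" + digits


def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def check_callback_phish(body):
    """Flag mail whose links all belong to a brand but whose number does not."""
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    phones = {normalize_phone(p) for p in PHONE_RE.findall(body)}
    for brand, info in KNOWN_BRANDS.items():
        if not hosts or not all(host_in(h, info["domains"]) for h in hosts):
            continue  # links are not exclusively this brand's; other rules apply
        unlisted = sorted(phones - info["phones"])
        if unlisted and URGENCY_RE.search(body):
            return {"brand": brand, "unlisted_numbers": unlisted}
    return None


if __name__ == "__main__":
    print(check_callback_phish(SAMPLE_PHISH))
    print(check_callback_phish(SAMPLE_LEGIT))
```

The phone pattern covers North American number formats only; other numbering plans need their own pattern and normalization.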