TrendLabs Web content security analysts recently received spammed messages (see Figure 1) purporting to come from the Bank of Nevada. At first, the attack seems just like any other common phishing attack. However, users who are tricked into clicking the URL embedded in the spammed messages will be redirected to a fake Bank of Nevada home page (see Figure 2).
After a second or two, users are redirected again, this time to a malicious adult site.
At present, TrendLabs engineers have identified 29 unique domains related to this phishing attack. Note, however, that the cybercriminals behind this attack used more than 1,000 URLs and spammed messages.
The Bank of Nevada has also acknowledged this phishing attack on its home page (see Figure 5) and has issued its own statement on its site to protect its online banking customers (see Figure 6).
Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from reaching users’ inboxes via the email reputation service and by blocking access to malicious sites and domains via the Web reputation service.
Non-Trend Micro product users can also stay protected by using eMail ID, which keeps fake messages from reaching their inboxes. It also helps users find legitimate messages quickly.