Hackers target thousands of bank emails in cyber attack
Hackers target thousands of bank emails in cyber attack. An international phishing campaign was launched Thursday against roughly 2,700 bank domains — including Bank of America and Citibank, The Post has learned.
Cyber-thieves posed as employees of an India-based bank and hoped to get real employees at other banks to click on their bogus email — a move that could have given the phishers remote access to the legitimate banks’ computers, according to one cybersecurity firm.
“Distribution was global. It’s not just targeted to the US,” Aaron Higbee, co-founder and chief technology officer of Cofense — the company that discovered the phishing campaign — told The Post.
The thieves are using a giant network of computers, known as a botnet, that usually sends out spam emails, Higbee said. The botnet, known as Necurs, began targeting employees via emails with bank domains starting Wednesday, he added.
The emails include a simple message and a Microsoft Publisher file that is, in fact, a Trojan horse virus that can give the thieves access to the computer of each employee clicking on the infected email, Higbee said.
Other banks targeted include Standard Bank, Citizens Bank, Coldwell Banker, Bank of New York and Lloyds Bank, as well as regional banks like Bank of Texas and Bank of Kansas City, according to a list compiled by Cofense, a copy of which was obtained by The Post.
The hackers are also targeting lenders in parts of the globe as far-flung as China and Latvia, the list shows.
Higbee said it’s too early to judge how effective the campaign is, but customers should be wary about any last-minute changes to any wire transfers or deposits, as well as any emails from bankers that carry Microsoft Office attachments.
“Be very suspicious of any last-minute changes of wire transfer changes,” Higbee said.