• by Ray Schultz , September 29, 2017

Monitoring your financial records in the wake of the Equifax data breach? Be careful — you’re at risk of being victimized by a phishing attack that mimics emails from banks, according to a report from Barracuda. 

Since the Equifax story broke, consumers and businesses have been hit by a wave of spam emails purporting to address security concerns. This is being done via “Secure Bank Message Impersonation — email attack delivered by spoofed messages from financial institutions,” Barracuda states.

Case in point: an email purportedly from Bank of America, using that institution’s logo. It appears to address the post-Equifax security issue.

“This is a secure message from Bank of America.

“Download attached document 2017-08-25 0255 GMT to read your message. After that, either open the attachment or request the sender to re-send the message. If you have concerns about the validity of this message, please contact the sender directly. This message will expire after 90 days.”

Barracuda concludes that “there’s a high risk of malicious behavior.”

So what’s going on?

“Typically, the type of “secure messages” we’re seeing in these scams are received from private banking clients who have stewards assisting with bank transactions, monitoring, or opening encrypted messages,” Barracuda continues.

It adds: “This is appealing to criminals because the targets are of high value and already trust intimate communications from their banks. Criminals also like that in order for targets to act on these messages, they need to be connected to the internet because the viewing happens in a web portal, which means that they are now vulnerable to downloading malicious content. 

In another example, an email claims to be from TD Canada Trust, and uses its Commercial Banking logo.

“Protected Documents 

“This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message.

To unlock/view your documents, follow the instructions below.

Look for an attachment (ProtectedDoc.coc) (typically at the top or bottom; location varies by email service).

Your authorization code is 2878JDDjsbaB(SB.

Enter the authorization code when prompted.

The secure message expires on Sep. 15, 2017 @ 09:21 AM (GMT)

Please check attached documents for more information.

The submission number is id: 3d6as412-223e1bvi-2SM 613-1b4ds129

Please quote this number in any communications with TD Canada Trust.”

Based on scan analysis, “there’s a high risk of malicious behavior on this one as well,” Barracuda notes. 

Fleming Shi, senior vice president of technology at Barracuda, told The Washington Post that the company tracked 300,000 fraudulent emails in recent weeks impersonating Bank of America and 150,000 mimicking CIBC.

But Shi said: “It’s still too early to confirm a definite correlation between these secure message attacks and the Equifax breach just yet,” according to the Post. 

Barracuda says in its report: “Typically, the type of 'secure messages' we’re seeing in these scams are received from private banking clients who have stewards assisting with bank transactions, monitoring, or opening encrypted messages.”

It adds: “This is appealing to criminals because the targets are of high value and already trust intimate communications from their banks. Criminals also like that in order for targets to act on these messages, they need to be connected to the internet because the viewing happens in a web portal, which means that they are now vulnerable to downloading malicious content.”  

Barracuda continues that some of these messages have an attached Word document that contains a malicious script.

Anti-virus software won’t always catch the threat because “the Word documents contained in these 'secure messages' could be benign and allowed to be downloaded or opened when they’re first received,” Barracuda states. 

The danger is that the cyber villains can access and update script at a later time to “something more malicious,” it adds. 

And then? The “outcome for recipients who act on these messages isn’t a good one,” Barracuda concludes. 

Those aren’t the only phishing scams pouring into peoples’ inboxes. The Consumer Federation of America alerted consumers about three possible scams related to the Equifax breach: 

• Imposter scams (after you’ve initiated a credit freeze). 
• Tax identify theft that could rob you o your IRS refund.
• Spear-phishing to crack your bank and brokerage accounts.