Recent reports are showing that cybercriminals are targeting the abuse departments within financial institutions. Reports from a number of financial institutions show emails being sent to their abuse departments reporting a fake phishing email and hoping to have fraud analysts click on the click to investigate, when an attempt is then made to install malware on the users computer.
The emails have been in a similar format to the following:
From: scammer@scammersemailaddress.com
Sent: Sunday, April 25, 2010 6:23 PM
To: abuse@xxxxxxx.com
Subject: Possible Fake Web Site
Hello, I just received an email stating it was from your bank and since I don’t have any accounts with you I think this is a fake site.
I just thought you might like to know someone is trying to scam your customers.
The email had the following link to your bank
http://bigtony4u.brinkster.net/tony.aspx?site=http://www.xxxBANK-BRANDxxx.com&sessionid=9291e2d4-bd41-4ae3-8b94-4cde37283ccb&task=AccountUpdate
Thanks, I hope you catch the scammers.
– Steve