Imitating leading financial institutions is a common trick adopted by cybercriminals to gain access to users’ confidential data. MailGuard intercepted a large-scale phishing email scam purporting to come from Latitude Financial yesterday afternoon, the 14th of January 2020 (AEST).
Titled ‘Action Required’, the email purports to come from an email address using a forged Latitude Financial domain. It actually comes from a compromised mail server. The body of the email uses branding, including footers and logos, taken from legitimate messages. The recipient is advised that action is required on their account, as access has been temporarily disabled for an identity check. They are required to verify the details linked with their account as part of their online-security monitoring. A link is provided to "activate" their account.
Here is a screenshot of the email:
Unsuspecting recipients who click on the link are directed to a convincing copy of the actual Latitude Financial website, with a login form in the top right corner. This is a phishing website designed to harvest confidential details of users.
Here’s the screenshot of the phishing page:
As you can see from all the screenshots above, cybercriminals have taken great pains to replicate official landing pages from Latitude Financial – including incorporating the bank’s branding and logo using high-quality graphical elements. All this is done in an attempt to trick the users into thinking the scam is legitimate.
It is also interesting to note that the body of the scam email is, ironically, focused on enhancing account security. Saying that the required account verification is ‘part of online-security monitoring’ only adds to the sense of legitimacy evoked by the email. That is because updates on account safety are a common notification expected of such a well-established company. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details. The use of a subject line like ‘Action required’ also serves to evoke urgency among recipients, motivating them to take action without spending too much time thinking about the credibility of the email.
Despite this, vigilant cyber users should be able to spot several tell-tale signs in the email itself which point to its illegitimacy. These include the fact that the recipient isn’t addressed directly within the email, as well as spacing errors.
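The traits described above (a forged sender domain on mail relayed by an unrelated server, an urgent subject line, no direct addressing of the recipient, and a link leading away from the claimed brand) can be checked mechanically. The following is an added example, not MailGuard's detection logic; the sample message, all domains, the "Dear Customer" greeting and the signal names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; every domain is a placeholder, not a value from the campaign.
SAMPLE = """\
Return-Path: <bounce@mail.compromised-host.example>
From: "Brand Financial" <noreply@brand-financial.example>
To: user@recipient.example
Subject: Action Required
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Access to your account has been temporarily disabled for an identity check.</p>
<p><a href="http://login.lookalike-site.example/verify">Activate your account</a></p>
"""

URGENT = re.compile(r"action required|temporarily disabled|verify", re.I)
GENERIC = re.compile(r"dear (customer|user|client|member)", re.I)
HREF = re.compile(r'href=["\']https?://([^/"\':]+)', re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def same_org(a, b):
    """True if the two domains are equal or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def phishing_signals(raw):
    """Return the list of heuristic signals raised by a single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    from_dom = domain_of(msg["From"])
    signals = []
    # Visible sender domain differs from the bounce (envelope) domain;
    # a missing Return-Path is also treated as a mismatch.
    if not same_org(from_dom, domain_of(msg["Return-Path"])):
        signals.append("from_returnpath_mismatch")
    if URGENT.search(msg["Subject"] or ""):
        signals.append("urgent_subject")
    if GENERIC.search(body):
        signals.append("generic_greeting")
    # Any link whose host is unrelated to the domain the sender claims.
    if any(not same_org(h.lower(), from_dom) for h in HREF.findall(body)):
        signals.append("link_off_brand")
    return signals
```

No single signal is conclusive, since legitimate bulk mail often uses a third-party bounce domain; the checks are meant to be scored together.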
Stop email fraud
Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.