In January, we intercepted a phishing scam impersonating Australian financial services company Latitude Financial. Now, a similar phishing email spoofing the company has been identified and blocked.
Titled ‘Action Required’, this email uses a display name of 'Latitude Financial'. However, the sender email address does not use a Latitude Financial domain. The email actually originates from a single compromised email address. The "Reply to" field also uses the same name, i.e. "Latitude Financial". The email address displayed next to the "Reply to" field contains a forged email address ending with the domain "@latitudefinancial.com".
The body of this email uses the financial company's branding, including footers and logos. The recipient is advised that action is required on their account as access has been temporarily disabled for an identity check. They are required to verify the details linked with their account as part of their online-security monitoring. A link is provided to "activate" their account.
Unsuspecting recipients who click on the link are directed to a convincing copy of the actual Latitude Financial website, with a login form in the top right corner. This is a phishing website designed to harvest confidential details of users and is hosted on a URL beginning with "card.latitudefinancial.su".
After "logging in", users are led to multiple phishing pages spoofing the company, titled "Confirm your identity". They are asked to enter their credit card details as well as upload their driver's licence or passport.
After inserting those details, users are shown another page telling them their access has been "enabled successfully".
Users are then finally redirected to the company's authentic website.
The cybercriminals have taken great pains to replicate official landing pages from Latitude Financial – including incorporating the bank’s branding and logo using high-quality graphical elements. In addition, the URLs of the phishing pages use familiar-looking domains like "card.latitudefinancial.su". All this is done in an attempt to trick users into thinking the scam is legitimate.
It is also interesting to note that the body of the scam email is, ironically, focused on enhancing account security. Saying that the required account verification is ‘part of online-security monitoring’ only adds to the sense of legitimacy evoked by the email, because updates on account safety are a common notification expected of such a well-established company. All this serves to elicit a more confident response from recipients who think they are, in fact, making their accounts more secure by clicking on the provided link and entering their confidential login details. The use of a subject line like ‘Action required’ also evokes urgency among recipients, motivating them to take action without spending too much time thinking about the credibility of the email.
Despite this, vigilant cyber users should be able to spot several tell-tale signs in the email itself which point to its illegitimacy. These include the fact that the domain used in the sender address doesn't point to Latitude Financial, and that the recipient isn’t addressed directly within the email.
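The header and link signs described in this alert can also be checked mechanically by a mail filter or triage script. The sketch below is an added example, not MailGuard's own code; the allow-listed brand domain, the finding labels and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "latitude financial"                # display name reported in the alert
BRAND_DOMAINS = {"latitudefinancial.com"}   # assumption: replace with the brand's real sending domains

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_brand_domain(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def body_text(msg):
    # Decode every non-multipart part so base64/quoted-printable bodies are covered.
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    return b"\n".join(parts).decode("utf-8", errors="replace")

def check(raw):
    msg = message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Sign 1: brand in the display name, but the address is on another domain.
    if BRAND in from_name.lower() and not is_brand_domain(domain_of(from_addr)):
        findings.append("display-name-spoof")
    # Sign 2: replies are steered to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-mismatch")
    # Sign 3: a link host contains the brand string but is not a brand domain.
    for host in re.findall(r"https?://([^/\s\"'<>]+)", body_text(msg)):
        if BRAND.replace(" ", "") in host.lower() and not is_brand_domain(host):
            findings.append("lookalike-link:" + host.lower())
    return findings

# Constructed samples: the first mirrors the traits described in the alert.
PHISH = """\
From: Latitude Financial <user@compromised.example>
Reply-To: Latitude Financial <noreply@latitudefinancial.com>
Subject: Action Required

Your access has been temporarily disabled. Activate: https://card.latitudefinancial.su/
"""
LEGIT = """\
From: Latitude Financial <service@latitudefinancial.com>

View it at https://www.latitudefinancial.com/
"""
```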
We strongly advise all recipients to delete these emails immediately without responding. Please share this alert with your social media network to help us spread the word around this email scam.
Stop email fraud
Cybercriminals know we can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.
People aren't machines; we're all capable of making bad judgement calls. Without email filtering protecting your inbox, it’s all too easy to have a momentary lapse of judgement and click on the wrong thing.