Malicious Emails Targeting Financial Customers

There has been a rise in malicious emails (emails carrying malicious attachments) that are aimed at individuals. These emails are customised for the recipients with details such as their name and official title.

Two recent occurrences appear to be from the US Department of Justice, and from the Better Business Bureau. They have been sent to customers of financial institutions, indicating that email addresses were stolen and the information used to make the emails appear more convincing.

What makes these appear obviously malicious is that the first (from the US Department of Justice) carries an attachment with a file extension of .scr. These type of files are Windows screen savers, something that should immediately appear out of the ordinary. If you open the attachment it will install a trojan allowing malicious hackers to later take control of your computer.

The second one (from the Better Business Bureau) contains an infected PDF file. This is unfortunate because traditionally PDF files were considered safe from viruses, but lately it’s been proven that even PDF files can carry viruses and trojans. ( A PDF file is an attached¬†document). Keep in mind that these emails have been tampered with to make them appear to be from the relevant senders. In fact they aren’t.

The best defence against these types of targeted attacks is to use a good antivirus program on your computer with the following features:

  • It must scan emails
  • It must be updated daily

It can be very difficult to pick out these malicious emails unless you have something scanning them for you.

These type of targeted email attacks have been increasing in frequency. Up to 10 new (unique) attacks have been discovered every day. This is a rather large number. Be very careful with suspicious looking emails.

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>