Australia’s Bendigo Bank is apparently sending out emails titled “Morning Update” to users. The email contains the staff member’s name as well as the direct contact phone number. It also contains a business disclaimer having the email ID and phone number of Bendigo Bank.
This mail also contains an attachment, a .Zip file titled Bendigo_Report_#[random string of numbers].zip.
But don’t be fooled because this email is definitely not been sent by Bendigo Bank at all and the attached file doesn’t contain a morning update.
Instead, the attachment has a malicious file which, when opened, instantly downloads and installs a Trojan on the computer and installs additional malware components automatically to steal information like passwords so that cybercriminals can access and control the computer from wherever they want to.
This is a rather simple deceptive campaign from criminals. Nowadays criminals try to benefit from the very natural human characteristic of curiosity to deceive people and getting their computers infected.
Users who aren’t that much computer savvy will definitely be compelled to open the attachment without confirming the legitimacy of the email, most specifically customers of Bendigo Bank, according to Hoax-Slayer.
The email appears to be genuine because scammers have included the actual email ID and contact info of the Bank as is found on the actual email disclaimer of Bendigo Bank.
The information about the staff member such as the name and/or direct phone number although does vary in different versions of this scam.
Of course you are a computer savvy user and you know about the tactics of these scammers. However, it is our duty to inform you that you must never open an sort of attachments or follow URLs if you receive an email like this one.