The Commission has been alerted by the National Fraud Intelligence Bureau to a phishing attack on a U.K. financial institution whereby an email containing a JAR file attachment has been sent in order to socially engineer bank staff into unpacking the compressed file. The email states that it has come from the Office of Foreign Assets Control, part of the Department of the Treasury, with the email address: [email protected]
Example of e-mail text:
“Hello, These four (4) names are included in the ofac list but we have received a report of remittance performed to these people from you. We demand more explanation on why you should remit funds to these individuals. Check the attached file for the full details of the report and transaction details.”
The National Fraud Intelligence Bureau has not previously seen a social engineering attack aimed at the due diligence processes of financial institutions, and we therefore consider this to be a new attack vector. It is believed that the attachment contains malicious software.
Our advice to financial institutions is to mitigate this risk by making staff aware of this phishing alert.
• Do not click on or open unfamiliar links in emails or on websites;
• Check the legitimacy of the email with the company that has supposedly sent it – it is a good idea to find a telephone number for them independently from the email, as the phone number provided may be fake or go straight to the suspect; and
• Ensure you have up-to-date anti-virus software and perform regular scans.
If you have clicked or activated the link, you should seek professional advice from a reputable company.