[ALERT] New Evil Android Phishing Trojans Empty Your Bank Account
Infragard warned that the FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface.
The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums.
At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions. SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched.
Users will only get infected if the malware is sideloaded or downloaded from a malicious website. Newer versions of SlemBunk have been observed being distributed via porn websites. Users who visit these sites are incessantly prompted to download an Adobe Flash update to view the porn, and doing so downloads the malware.
Known Scams - Be Aware, Be Safe
Customers have been receiving calls from Wells Fargo Bank and also from Bank Card Center and possibly other names stating their Bank of Gravett debit card has been blocked to press 1 to unblock debit card. This is a SCAM and once you go further they will ask you to enter your debit card number for verification and expiration date.
We've heard from customers who said they received a phone call with caller ID showing 'Bank of Gravett'. The caller offers to lower the person's interest rates. THIS IS A SCAM. Bank of Gravett does not make unsolicited calls in this manner. This certainly appears to be an attempt to collect personal information from the person being called. The calls may not be made just to Bank of Gravett customers, so please pass this on to your friends.
Heartbleed Bug Ramification & Remediation
The recently identified Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This vulnerability allows hackers to steal information protected under normal conditions by SSL/TLS encryption used to secure many of the internet's popular web applications. At the time of its discovery, an estimated 66% of the Internet's web applications were susceptible to Heartbleed, a vulnerability which has existed in the implementation of OpenSSL for 2 years.
Here at the Bank of Gravett, to ensure your protection and ours, we have downloaded and applied the patches to our servers and the company that our website is hosted with has done the same. We have also rekeyed our SSL certificates as an extra security measure.
Please take a look at the link below to help keep yourself from getting scammed and change your password on the affected sites.
If you receive a text message stating that it is from VISA regarding suspicious transactions on your debit card, this is a phishing attempt.DO NOT RESPOND. Delete the message from your phone. If you have received a text and already responded, please call 479-787-5251 immediately.