Call them crimes of opportunity, or maybe phisher’s just want to do their small bit for the global economic crisis, but security companies are reporting a rash of phishing scams that are attempting to capitalize on the wave of hastily arranged big-bank mergers in the past few weeks. Don Jackson, head of Threat Intelligence for SecureWorks, reports a social engineering scam tied to Citigroup’s attempts to purchase Wachovia. The phishmail asks clients to download a new digital signature in order to continue to use online banking without interruption. When clicked, the link in the email triggers the download of the Gozi Trojan, a data-harvesting piece of malware that Jackson initially discovered in 2007.
Security vendor SonicWall also reported a scam that targets customers affected by JP Morgan Chase’s purchase of Washington Mutual.
But, overall, September was a slow month for hackers, SecureWorks reports. For the month of September, the company says it blocked an average of 1,460 attempted hacker attacks per banking client per day—roughly half the number of attacks the vendor saw in August.