Call them crimes of opportunity, or maybe phisher’s just want to do their small bit for the global economic crisis, but security companies are reporting a rash of phishing scams that are attempting to capitalize on the wave of hastily arranged big-bank mergers in the past few weeks. Don Jackson, head of Threat Intelligence for SecureWorks, reports a social engineering scam tied to Citigroup’s attempts to purchase Wachovia. The phishmail asks clients to download a new digital signature in order to continue to use online banking without interruption. When clicked, the link in the email triggers the download of the Gozi Trojan, a data-harvesting piece of malware that Jackson initially discovered in 2007.
Security vendor SonicWall also reported a scam that targets customers affected by JP Morgan Chase’s purchase of Washington Mutual.