Today I received an email from “Barclays <email@example.com>” having subject “Account Alert – You have a new bill from Bank of America Credit Card“.
My eyebrows immediately went up as I dont have any credit card from Barclays. The email address “firstname.lastname@example.org” looked suspicious. The email has a pdf attachment and the message said,
For details of a recent payment made to you, please see the attached payment remittance advice.
If you have any queries or questions, our contact details are printed on the remittance advice.
At once I thought, should I open the pdf or not. Trusting adobe, I open the pdf. The pdf has another link with some similar text which said, I should click here to view the bill. Now I was very certain that its a malware attack. I decided to verify if the url contains any virus.
A quick google took me to VirusTotal page. The website was really helpful and in no time I could know that the url had Malware. I wonder all those who has Barclays cards and if they were compromised by clicking on the link :(.
Learnings / warnings:
- Never open any email with attachments with un-known sources.
- Be sure to open only links with https url.
- If you are specious about the link, do verify the link using a tool like virustotal before clicking it.
And finally, keep your antivirus up-to date.