Cyber-thieves are growing more creative—and more aggressive—about separating digital users from their financial data.
The latest example of that trend points directly to Onliner—a new and dangerous spambot that targets 711 million email addresses, using a banking malware application called Ursnif to access unprotected Windows-based computers.
Once an email user unwittingly clicks on an Onliner email attachment (often disguised as an invoice, travel reservation or payment form), the malware gains immediate access to a user’s passwords, Social Security number, and even their credit and debit card data.
Data security specialists warn Windows users that Onliner brings more risk, and potentially more headaches, than traditional spambots.
“The Onliner campaign is dangerous,” says Larry Kahm, president of Heliotropic Systems, an IT support company based in Fort Lee, N.J. “It generates a spam email which contains a pixel image. Once that is sent and downloaded, the malware will send back to the originating server information about the recipient.”
Once user’s email and credentials have been validated, the attack can begin accessing sensitive consumer data, either right away or on a delayed basis. “People who use browsers to receive emails and those who use Outlook would have to specifically disable the show images function to prevent that gif from being downloaded in the first place,” Kahm adds.
Onliner was designed to bypass spam filters, making it uniquely dangerously among spambots, says Jeff Jackson, an information technology expert with 40 years of industry experience. “This is a disturbing trend if you rely on a spam filter to keep your employees from clicking on email attachments,” he says.
The spambot is especially crafty because it tricks email servers into using legitimate SMTP credentials harvested in previous malware attacks. “Once the spam lands in an unsuspecting users inbox, social engineering takes over to trick the user into clicking on an attachment,” Jackson explains.
Besides never opening emails, especially attachments, you don’t recognize, what can you do to protect yourself from Onliner? Jackson advises taking these direct steps:
- Use two-factor authentication for all banking related activities.
- Do not reuse passwords. Instead, use a unique password for every site you visit.
- Use a password manager to create, store and encrypt passwords.
- For employers, use ongoing cybersecurity training to educate employees on spambot and malware scams.
- Deploy an email scan that scours the dark web, which cyber-criminals leverage to exchange personal information, to see if your email address has been compromised. Experian offers a free dark web email scan.
Jackson cautions Windows users that spambots are specifically designed to send email from compromised computers without the end user noticing. “This could be on an individual desktop or an email server,” he says. “The purpose of using a spambot to deliver spam is so that the perpetrator remains anonymous and therefore can’t be caught.”
That’s the main, but not only, threat behind Onliner—an especially malicious spambot that has your banking and financial data squarely in its sites.
It’s up to you to keep Onliner out of your email box, and the sooner you get educated and deploy the tips listed above—the better.