A recently resurfaced banking Trojan is now being used in a malware/phishing campaign targeting users of accounting services provider Xero. Similar attacks have also been used against users of Intuit and QuickBooks. The goal of these attacks is to gather login details for banking and financial accounts. Here's how it works, what it looks like, and what do if you get this message:How it works:
What it looks like:
What to do:
- Before clicking any link in an email, hover your mouse over that link and observe where it will take you. Either a pop-up will appear next to the link, or look at the bottom of your email program to see the actual link address. If you don’t recognize the link or it’s slightly altered(for example, intuito.biz instead of intuit.com) from the official site: Don’t click on it!
- Be cautious around ZIP files, often they are used by malware to disguise contents.
- If you have already clicked on or opened something suspicious that doesn’t show or do what you expect: run extra malware scans - in addition to your regular anti-virus software, contact your trusted IT advisors to see if further checks are necessary, and take precautions to change your account passwords especially for financial institutions – from another computer!