This phishing scam poses as a charity email, delivers Ramnit banking Trojan malware

Phishing emails contain names and telephone numbers of targets.
Written by Danny Palmer, Senior Writer

Cybercriminals are exploiting charity for their own nefarious means.

Image: iStock

Cybercriminals are attempting to infect people with bank data stealing Ramnit malware by using phishing emails pretending to come from a charity.

Migrant Help is a real British charity which offers support to distressed migrants arriving in the UK, but hackers are using its name in an effort to infect victims with the Ramnit banking Trojan, Action Fraud, the UK's fraud and cybercrime centre has warned.

A phishing email with the subject 'Thank you for choosing to donate to Migrant helpline' is sent to the potential victim, claiming that they recently donated money to the charity.

The emails contain a fake receipt for which, as noted by My Online Security, lists the first name and second name of target as well as their actual phone number. It is not clear how the scammers obtained this information, but using the target's real name and phone number makes the email make look more authentic.

The message contains a reference number and invites those with questions about their donation - which victims are likely to have if they've never given to Migrant Help - to click on a link which has been customised to contain the target's name, in order to download a document supposedly containing more information.

Those who click on the link are taken to an online Word document which downloads the Ramnit payload onto the victim's machine.

First appearing appeared in 2010 in the form of a self-replicating computer worm, Ramnit has evolved to become much more dangerous, reaching the point where those behind it have developed it into a banking Trojan, designed to steal bank customer login credentials for theft and fraud.

Despite being seven years old Ramnit remains dangerous, and even accounted for the largest increase in malware attacks during November last year, with the number of infections doubling since the previous month.

Advice from Action fraud on not becoming a victim of phishing scams is to not open attachments in unsolicited emails and to install the latest software security updates.

The police warning on malware distributing Migrant Help phishing email scam comes shortly after City of London police warned of a ransomware scheme targeting schools.


Editorial standards