Cyber criminals are faking secure messages from banks as a means of delivering malware to victims.
Banks often provide secure messaging services, typically through an online portal, so that customers can communicate with the bank without having to pick up the phone or visit a branch.
Hackers have realised that this provides a new method of attack and are now crafting spoof emails claiming to contain documentation relating to secure messages.
The sorts of clients who opt to use these secure messaging services are often high-value targets who already have a trusting online relationship with their bank - so they could be more willing to follow instructions in an email from scammers that they believe to be real.
The spoof messages are designed to look legitimate, even featuring sender addresses which look as if they come from the institution.
In some instances, the messages simply ask the victim to click on and download an attached document. However, others keep up the façade of being 'secure' - some emails provide instructions about using an authorization code to 'unlock' the attachment.
The malicious payload within is able to rewrite the files in the users' directory on Windows machines once the victim opens the document - and this script can potentially be missed by anti-virus software, which is thrown off the scent because it considers the document benign.
However, once the script is downloaded onto the system, criminals have access to it and can update it at a later date to become something more malicious, such as credential-stealing malware - enabling them to stealthily gain access to the bank account of the victim - or something more brazen like ransomware.
Faking email messages might seem like a basic attack, but criminals are deploying this tactic because it works - especially when trusted institutions such as banks are used.