Fake email regarding new secure message from BankLine that targets RBS customers


MX Lab, http://www.mxlab.eu, started to intercept fake emails regarding a new secure message from BankLine  that targets RBS customers.

The subject line is “You have received a new secure message from BankLine#24802254” his email is send from the spoofed address “Bankline <secure.message@bankline.com>” and has the following body:

You have received a secure message.

Read your secure message by following the link bellow:

link

—————-
You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the Bankline Bank Secure Email Help Desk at 0131 556 1196.

First time users – will need to register after opening the attachment.
About Email Encryption – http://www.rbs.co.uk/corporate/electronic-services/g2/datalink.ashx

The embedded URL in our sample leads to hxxp://vsrwhitefish.com/bankline/message.php. This will open up and HTML document with an integrated Javascript script that will make use of ActiveXObject or a regular HTTP request, opens up a download in order to open and/or save the malicious file as instructed.

One thought on “Fake email regarding new secure message from BankLine that targets RBS customers

Comments are closed.