Phishing via snail mail - Shishing?

UPDATE: This appears to have been a pen-test.

There are reports (via ISC) that US Banking institutions have been subject to phishing attempts via snail mail.

Reportedly, the Credit Unions receive a package containing a letter from the NCUA and a CD with training material on it. If indeed the training material is actually malware, then one would suspect it is most likely to consist of some backdoor Trojan or a keylogger.

The NCUA press release give slightly more information on this threat with some instructions on what to do if you do receive the letter:

You should contact your NCUA Regional Office
or the NCUA Fraud Hotline at 1-800-827-9650

Added to this advice please contact your AV supplier and forward them a copy of the CD.

You can contact Sophos via:

Sophos Inc.
3 Van de Graaff Drive
2nd Floor
Burlington, MA
01803
USA

Tel: 781-494-5800
Fax: 781-494-5801

Posted on August 27th, 2009 by Pob, SophosLabs, UK
Filed under: Exploits, Malware, Spam, Vulnerabilities

Windows 7 security - A great leap forward or business as usual?

About SophosLabs

SophosLabs protects businesses from known and emerging malware - viruses, rootkits and spyware - and other computer threats like phishing, spam and scams. Learn more about the people who write this blog.

RSS feed

Hot video

International Kill-A-Zombie Day

SophosLabs blog