Another day, another phishing scam targeting online banking users. This time around, cybercriminals are targeting Bank of America Merrill Lynch customers, tricking users to install malware designed to steal personal information. The scam email includes a PDF attachment which has a malware link that initiates a download of a "SecureMessage.zip" file - packaged with the Spyware/Win32.Zbot Trojan.
Similar to other phishing attacks, the "secure message" includes a zip file, and users open the attachment inside of a Web browser. Users end up clicking a Dropbox download link where the malware is installed - another stark reminder for Internet users to be careful when clicking links from unknown users.
One-third of phishing attacks are aimed at financial institutions, and because of the large amount of attacks, banks have to follow new guidelines to better defend against distributed denial-of-service (DDoS) attacks.