Some 20,000 key-employees of American financial institutions received on Monday morning e-mails sent by a group of Romanians who attempted to find out confidential data that might have been used to obtain financial benefits, Washington Post reads. The newspaper notes that this attack was different due to the large number of people who took the bait.
The messages addressed each executive by name, and included their phone number and the name of their company.
"Recipients who clicked the link were brought to a Web page that claimed they needed to install a Web browser add-on in order to view the subpoena. Those who agreed were shown an Adobe PDF document that referenced a lawsuit filed in a California district court.
The "add-on" in question was a component designed to steal usernames and passwords when the victim subsequently visited an online bank site or other page that requires those credentials (the malicious add-on only installed for users visiting the site with Microsoft's Internet Explorer Web browser). Approximately half of the recipients of the e-mail messages were executives at major financial institutions", Washington Post informs.