ABSA BANK SOUTH AFRICA - PHISHING MAIL - Be Careful

Attacker craft a very well structured mail that will fool most people in SA.

See below mail from attacker: a Well structured mail.

As you can see the mail comes from c.stoeck@t-online.de

T Online is one of the biggest internet service providers is Germany – Why would ABSA send mails from this account ?

2nd the Source IP of the mail send is from Hong Kong Central.

3rd – The attachment analysis shows that it is a pdf and not an HTML.

The PDF analysis shows that the pdf has a stream which is calling 3 programs within the document . Contains 3 stream objects.

Be careful everyone this document cleared 58 Anti virus scans. Attackers are getting more and more resourceful in hiding any malicious content in order to evade Anti-Virus Programs.

Leave a reply