InfoSight has detected a flood of phishing emails that are propagating through the Internet and targeting small community banks. This spam campaign is sending hundreds of thousands of messages that masquerade as failed wire transfer notices and deliver the password-stealing Zeus banking Trojan. The hackers knew exactly who to target: they went after the individuals in the bank responsible for wire transfers. A snapshot of a sample email is provided below.
The <From:> field varies, but all the samples we have seen originate from Hotmail.com. The “masked” information below would normally display the full name of the recipient.
When the user clicks on the “Order tracking area” link, the machine is infected with the W32/Zbot malware (also known as Zeus). This malware captures login and password information entered on websites. Many antivirus software packages, even with the latest signatures, are not able to detect the malware.
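The three traits described above (a Hotmail.com sender, a failed wire transfer pretext, and an “Order tracking area” link) can be checked at the mail gateway or during mailbox triage. The Python below is an added example, not InfoSight's code; the keyword patterns, the label strings and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumed wording for the "failed wire transfer" pretext; tune against real samples.
WIRE_RE = re.compile(r"wire\s+transfer", re.I)
FAIL_RE = re.compile(r"\b(fail(ed|ure)?|reject(ed)?|cancel(l?ed)?|declined)\b", re.I)
LINK_TEXT = "order tracking area"  # link label named in the alert

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def triage(raw):
    """Return the campaign traits (as labels) that a raw RFC 5322 message matches."""
    msg = message_from_string(raw)
    hits = []
    # The From header is attacker-controlled, so treat a match as a signal, not proof.
    if parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2] == "hotmail.com":
        hits.append("sender:hotmail.com")
    body = "".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    text = msg.get("Subject", "") + "\n" + body
    if WIRE_RE.search(text) and FAIL_RE.search(text):
        hits.append("lure:failed-wire-transfer")
    parser = LinkCollector()
    parser.feed(body)
    if any(LINK_TEXT in label.lower() for _, label in parser.links):
        hits.append("link:order-tracking-area")
    return hits

SAMPLE = (  # constructed message for illustration, not a captured sample
    "From: Wire Desk <constructed-sample@hotmail.com>\nSubject: Wire transfer failed\n"
    'Content-Type: text/html\n\n<p>Your wire transfer was rejected. See the '
    '<a href="http://example.invalid/t">Order tracking area</a>.</p>\n')
print(triage(SAMPLE))
```

A message that matches all three labels is a candidate for quarantine and review; a single label on its own, such as the Hotmail.com sender, is too common to act on.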
You cannot stop these hackers from trying, but you can prevent them from succeeding. The first step to preventing these attacks is employee training. After receiving an internal alert from InfoSight about the attack, a customer wrote in: “We received these emails as well, luckily we knew not to click the emails. We’re thankful for the Security Awareness training from InfoSight for their knowledge on how to handle the issue!!!”
Another way to mitigate the risk is to encourage communication between users and institutions, along with any associations affiliated with the bank. It’s important to educate everyone on the scam and the precautions to take.
Be on the lookout for other scams circulating in the banking industry and targeting smaller banks, such as the Zeus-laden fake IRS emails, which have snagged a few victims since their launch in mid-June.
If you require assistance from the InfoSight Team, please contact our InfoSight Network Operations Center at 305-828-1003 x130 or firstname.lastname@example.org
Also, please follow InfoSight’s CSO Eric Gomez on Twitter @Eric_InfoSight for all the latest news and alerts.