Cardmember Service hijacked

The other day a user sent me a screenshot of an online banking website with a comment of “I have a virus..?” I was happy that the user had learned to spot malware or fraudulent activity so quickly… but as it turns out, the user had already called the bank and spoken to the support team – they were the ones that informed the user about having a virus. I tried logging in to the banking site impersonating the user… and everything looked normal – she was in fact infected. Here’s what the site looked like:

Clearly that white box is the problem – my favorite part is the “…need to ask for additional information when you access you account online.” So – no other sites were being ‘attacked’ in such a manner – only this financial site. As a bonus, the malware even ripped off the address logo and pasted it into the pop-up window.

Sadly, I did not have time to troubleshoot this further to determine the root cause – this workstation was in desperate need of a re-image anyway, so I just proceeded with doing that. Problem resolved.

