A new phishing scam is out in the wild and is targeting users with online bank accounts. However, unlike thousands of similar phishing campaigns that hope to entice a user into clicking onto malicious link which redirects to a malicious website, this new campaign is banking on the fact that users will actually decline the request.

How the Phishing Attack Works

It all starts when a user receives a 'notice' to their email account. The message then claims that there has been a request issued by the service provider for the user to reset their password.

Next comes the hook line: "If you didn't request that your password be reset, please follow the instructions below to cancel your request." (Source: mcall.com)

Whether deciding to accept or decline the message, the user is duped into copying and pasting a link into their browser. However, upon closer inspection, both the "accept" line and "decline" line have the same address. Someone not paying close attention to the message could be easily fooled by the scam.

MS Outlook Bank Trojan Revisited

This phishing campaign is one of many exploits currently making its way around the Internet.

Recently, a phishing campaign was discovered which uses fake Microsoft Outlook alerts to implant banking Trojans on PCs, leaving the door wide open for dubious money transfers.

Analysts are reminding all users to never click on links sent in unsolicited emails, because of exposure to viruses and other forms of malware. If no request has been made, the email should be deleted from your inbox. (Source: reuters.com)