GTBank “GeNS Transaction Alert” Phishing Email

Cybercriminals are sending emails pretending to be from Guaranty Trust Bank. These emails come as an alert for an impending debit due to stamp duty. Below is a sample and analysis of one such phishing email.

1. Spoofed Email Address

The sender’s email shows that it is from the domain gtbank[.]com, which is the actual domain for Guaranty Trust Bank. What this means is that the sender’s email has been spoofed. Email spoofing is the creation of an email with a forged sender address. Ultimately, the goal is to make the recipient believe that the email originated from someone other than the true source. The cybercriminals are trying to make the recipient think that this email originated from GTBank.

Note: the lesson here is that you shouldn’t trust an email simply because the sender’s address is familiar.

2. Generic Email Greeting

Notice that the email greeting is generic. Instead of addressing the recipient by name, a “Dear Customer” is used. This shows that this is not a targeted attack but rather the perpetrators are sending to a large number of people and hoping some fall for it.

3. Spoofed Clickable Link

The clickable link in the email has also been made to appear to be from GTBank. The text of the URL is ibank[.]gtbank[.]com/….. but the actual URL it leads to when clicked is something different. The destination is a look-alike of the Guaranty Trust Bank Internet banking page. The aim is to trick people into thinking they are on the real GTBank internet page and inputting their login credentials which are then sent to the cybercriminals.

If you’re on a laptop or PC, simply hovering over the link would show the destination but if you’re on a mobile device you may check the link by holding your finger down on it. Unlike a short tap on the link which would open the link, holding your finger on the link will cause a new dialogue window to pop up, showing you the destination web address without taking you there.

4. The Use of Fear and Urgency

To make recipients more likely to click the link, the cybercriminals use stamp duty charges as a pretext. The email then explicitly states that if action is not taken within 12 hours the recipient will be debited. The cybercriminals are using fear, precisely, the fear of losing money.

The use of emotions such as fear is a common tactic of cybercriminals. They do this to try to get their victims to act without thinking. Always watch out for emails that sound urgent or try to make you afraid; it’s a sure red flag.

5. The Use of Company Logo and Branding

Just like using the fake sender email, the use of the bank’s logo and branding is to make recipients less suspicious and enhance the legitimacy of the email.

Lesson: don’t be misled by appearances, never trust an email simply because it looks like other emails you have received in the past from the same organization.

Finally, always try to think critically and never be in a rush to take action.
