"The bad guys are after your money" might be a familiar refrain, but they wouldn't be using these tricks if people didn't fall for them.
Security vendor Bitdefender has warned of a recent spam campaign aimed at stealing online banking credentials and then the victims' money.
At least three variations have been seen in the latest campaign. One claimed to be from a tax consultant trying to complete a transaction, another asks the recipient to verify financial documentation, and the third refers to "money penalties imposed on your firm."
What they all have in common is that the attached file is not what it purports to be. Instead, it is a downloader that installs the Dyre (aka Dyreza) Trojan, a piece of malware that waits for the user to visit certain banking and other financial sites, and then steals the username and password. This allows the crooks to transfer money out of the account.
Australian banks known to be affected include the Bank of Melbourne, ING, Citibank and HSBC, according to Bitdefender.
So be careful, and make sure your staff and other associates are careful too. You'll probably spot that the emails aren't intended for you, but it is important to resist the temptation to peek at attachments that might provide a juicy tidbit about someone else.
And as Bitdefender also points out, keeping your security software up to date can help by spotting malicious files.