If you log in to your online banking page and receive a notice telling you that you need to return money you were mistakenly credited, keep your wallet closed.
A new strain of dangerous malware is worming its way into online bank accounts on Windows systems and informing customers that their accounts have been frozen, then instructing them to refund the money, Brian Krebs reported on his Krebs on Security blog.
Malware scams that target people's bank accounts are nothing new — the infamous Zeus Trojan has been at the game for years. But this particular scam incorporates some scary tactics that could fleece victims with a single click of the mouse.
The malware lies dormant on a victim's computers until he logs in to his bank account. Once he receives the message that his account has been credited in error, the malware then "modifies the amounts displayed in his browser; it appears that he has recently received a large transfer into his account."
[Fake 'Wrong Transaction' Hotel Spam Hits Email Inboxes]
Say you have only $200 in your bank account, but receive a message — one that appears to be from your actual bank — that says you were mistakenly credited $1,000 and your account will be locked until you return it. The malware will actually change your account balance to read $1,200.
And here's the unfortunate payoff: if you do fill out the attached transfer form, that $1,000 will go straight into a bank account controlled by the cybercriminal.
It's likely that people would more easily fall for a scam that targets their finances than one that promises Justin Bieber will follow them on Twitter, and with that in mind, several similar cybercrime ploys have popped up recently that try to lure people into returning money they never had.
If you come across a message about an accidental financial transfer, do not fill out any forms online, and instead contact your bank directly to resolve the matter. And be sure you have your bank's correct phone number; Krebs said the criminals behind the Zeus Trojan have gone as far as to create phony customer support numbers to make sure their scams stick.