Santander Bank customers should be aware of an effective spam campaign spreading the Trickbot banking Trojan that is coming from domains similar to those used by the financial institution.
Researchers at My Online Security and the SANS Institute’s Internet Storm Center say that Santander is not the only bank domain being leveraged, and call the malicious domains “extremely plausible imitations.”
A sample of the phony domains sending Trickbot includes: hsbcdocs.co.uk, hmrccommunication.co.uk, lloydsbacs.co.uk, nationwidesecure.co.uk, natwestdocuments6.ml, santanderdocs.co.uk, santandersecuremessage.com, and securenatwest.co.uk.