Clients of Citi Group, the third largest bank holding company in the US, are targeted by scammers who collect passwords and open backdoors for unauthorized remote attackers or download malware on the compromised systems.
This attack seems part of a greater campaign conducted by the group behind other two malicious spam messages that in January had Better Business Bureau and DocuSign clients open malicious attachment sworn to be legitimate, confidential and time sensitive.
Now it’s time Citi clients keep an eye open for e-mails that read “You have received a secure message” inviting them to read the message by opening the attachments securedoc.html.
read more.........http://www.hotforsecurity.com/blog/spammed-malware-campaign-targets-citi-group-customers-5322.html