May 16 2022

The 5 most common types of phishing attack

Category: PhishingDISC @ 1:58 pm
The 5 most common types of phishing attack

Phishing is among the biggest cyber threats facing organisations. According to Proofpoint’s 2021 State of the Phish Report, more than 80% of organisations fell victim to a phishing attack last year.

One of the most frustrating things about this is that most people know what phishing is and how it works, but many still get caught out.

The growing sophisticated of phishing scams has contributed to that. They might still have the same objective – to steal our personal data or infect our devices – but there are now countless ways to do that.

In this blog, we look at five of the most common types of phishing email to help you spot the signs of a scam.

1. Email phishing

Most phishing attacks are sent by email. The crook will register a fake domain that mimics a genuine organisation and sends thousands of generic requests. 

The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’. 

In other cases, the fraudsters create a unique domain that includes the legitimate organisation’s name in the URL. The example below is sent from ‘olivia@amazonsupport.com’.

The recipient might see the word ‘Amazon’ in the sender’s address and assume that it was a genuine email.

There are many ways to spot a phishing email, but as a general rule, you should always check the email address of a message that asks you to click a link or download an attachment. 

2. Spear phishing

There are two other, more sophisticated, types of phishing involving email.

The first, spear phishing, describes malicious emails sent to a specific person. Criminals who do this will already have some or all of the following information about the victim:

  • Their name; 
  • Place of employment; 
  • Job title; 
  • Email address; and 
  • Specific information about their job role.

You can see in the example below how much more convincing spear phishing emails are compared to standard scams.

The fraudster has the wherewithal to address the individual by name and (presumably) knows that their job role involves making bank transfers on behalf of the company.

The informality of the email also suggests that the sender is a native English speaker, and creates the sense that this is a real message rather than a template.

3. Whaling

Whaling attacks are even more targeted, taking aim at senior executives. Although the end goal of whaling is the same as any other kind of phishing attack, the technique tends to be a lot subtler. 

Tricks such as fake links and malicious URLs aren’t helpful in this instance, as criminals are attempting to imitate senior staff. 

Whaling emails also commonly use the pretext of a busy CEO who wants an employee to do them a favour.

Emails such as the above might not be as sophisticated as spear phishing emails, but they play on employees’ willingness to follow instructions from their boss. Recipients might suspect that something is amiss but are too afraid to confront the sender to suggest that they are being unprofessional.

4. Smishing and vishing

With both smishing and vishing, telephones replace emails as the method of communication.

Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation.

One of the most common smishing pretexts are messages supposedly from your bank alerting you to suspicious activity.

In this example, the message suggests that you have been the victim of fraud and tells you to follow a link to prevent further damage. However, the link directs the recipient to a website controlled by the fraudster and designed to capture your banking details.

5. Angler phishing

A relatively new attack vector, social media offers several ways for criminals to trick people. Fake URLs; cloned websites, posts, and tweets; and instant messaging (which is essentially the same as smishing) can all be used to persuade people to divulge sensitive information or download malware. 

Alternatively, criminals can use the data that people willingly post on social media to create highly targeted attacks.

As this example demonstrates, angler phishing is often made possible due to the number of people containing organisations directly on social media with complaints.

Organisations often use these as an opportunity to mitigate the damage – usually by giving the individual a refund.

However, scammers are adept at hijacking responses and asking the customer to provide their personal details. They are seemingly doing this to facilitate some form of compensation, but it is instead done to compromise their accounts.

Your employees are your last line of defence

Organisations can mitigate the risk of phishing with technological means, such as spam filters, but these have consistently proven to be unreliable. 

Phishing Staff Awareness Course

Malicious emails will still get through regularly, and when that happens, the only thing preventing your organisation from a breach is your employees’ ability to detect their fraudulent nature and respond appropriately. 

Our Phishing Staff Awareness Course helps employees do just that, as well as explaining what happens when people fall victim and how they can mitigate the threat of an attack.

The Science of Human Hacking

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: phishing attack

May 08 2022

1000s of phishing emails sent from NHS inboxes

Category: PhishingDISC @ 10:44 am
1000s of phishing emails sent from NHS inboxes

New research from the email security firm Inky has revealed that more than 1000 emails were sent from NHS inboxes over a six month period.

The firm has claimed that the campaign, beginning October 2021, escalated “dramatically” in March of this year.

After the findings were reported to the NHS on April 13, Inky reported that the volume of attacks fell significantly to just a “few”.

“The majority were fake new document notifications with malicious links to credential harvesting sites that targeted Microsoft credentials. All emails also had the NHS email footer at the bottom,” Inky explained.

fishing pole

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails 

Scams: Learn valuable skills to avoid being scammed by frauds. Real experiences of fraud detection, Fraud Examination, phishing emails, scam calls & more.

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: NHS, Phishing Dark Waters, phishing emails, Phishing scams

Apr 26 2022

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Category: PhishingDISC @ 9:02 am
Phishing goes KISS: Don’t let plain and simple messages catch you out!

We’re sure you’ve heard of the KISS principle: Keep It Simple and Straightforward.

In cybersecurity, KISS cuts two ways.

KISS improves security when your IT team avoids jargon and makes complex-but-important tasks easier to understand, but it reduces security when crooks steer clear of mistakes that would otherwise give their game away.

For example, most of the phishing scams we receive are easy to spot because they contain at least one, and often several, very obvious mistakes.

Incorrect logos, incomprehensible grammar, outright ignorance about our online identity, weird spelling errors, absurd punctuation!!!!, or bizarre scenarios (no, your surveillance spyware definitely did not capture live video through the black electrical tape we stuck over our webcam)



all these lead us instantly and unerringly to the [Delete] button.

If you don’t know our name, don’t know our bank, don’t know which languages we speak, don’t know our operating system, don’t know how to spell “respond immediately”, heck, if you don’t realise that Riyadh is not a city in Austria, you’re not going to get us to click.

Instagram scammers as busy as ever: passwords and 2FA codes at risk

That’s not so much because you’d stand out as a scammer, but simply that your email would advertise itself as “clearly does not belong here”, or as “obviously sent to the wrong person”, and we’d ignore it even if you were a legitimate business. (After that, we’d probably blocklist all your emails anyway, given your attitude to accuracy, but that’s an issue for another day.)

Indeed, as we’ve often urged on Naked Security, if spammers, scammers, phishers or other cybercriminals do make the sort of blunder that gives the game away, make sure you spot their mistakes, and make them pay for their blunder by deleting their message at once.

KISS, plain and simple

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails

Tags: phishing

Apr 21 2022

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Category: Cyber Threats,Cybercrime,PhishingDISC @ 8:28 am
Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors.

Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the U.S. April 18th, 2022 – there was a notable campaign detected which leveraged phishing e-mails impersonating the IRS, and in particular one of the industry vendors who provide solutions to government agencies which including e-mailing, digital communications management, and the content delivery system which informs citizens about various updates.

Cybercriminals purposely choose specific times when all of us are busy with taxes, and preparing for holidays (e.g., Easter), that’s why you need to be especially careful during these times.

The IT services vendor actors impersonated is widely used by major federal agencies, including the DHS, and other such WEB-sites of States and Cities in the U.S. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns by Mimicking Government Vendors

Notably, the e-mail doesn’t contain any URLs, and has been successfully delivered to the victim’s inbox without getting flagged as potential spam. Based on the inspected headers, the e-mail has been sent through multiple “hops” leveraging primarily network hosts and domains registered in the U.S.:

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns by Mimicking Government Vendors

It’s worth noting, on the date of detection none of the involved hosts have previously been ‘blacklisted’ nor have they had any signs of negative IP or abnormal domain reputation:

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns by Mimicking Government Vendors

The HTML attachment with the fake IRS invoice contains JS-based obfuscated code.

IRS Internal Revenue Service

Scam Me If You Can: Simple Strategies to Outsmart Today’s Rip-off Artists

Tags: IRS Tax Scams, phishing, phishing countermeasures

Feb 25 2022

Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

Category: Information Security,Malware,PhishingDISC @ 10:02 am
Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel.

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.

The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151.

In mid-January, the government of Kyiv attributed the defacement of tens of Ukrainian government websites to Belarusian APT group UNC1151. Defaced websites were displaying the following message in Russian, Ukrainian and Polish languages.

“Ukrainian! All your personal data has been sent to a public network. All data on your computer is destroyed and cannot be recovered. All information about you stab (public, fairy tale and wait for the worst. It is for you for your past, the future and the future. For Volhynia, OUN UPA, Galicia, Poland and historical areas.” reads a translation of the message.

In November 2021, Mandiant Threat Intelligence researchers linked the Ghostwriter disinformation campaign (aka UNC1151) to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites. According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests.

Unlike other disinformation campaigns, GhostWriter doesn’t spread through social networks, instead, threat actors behind this campaign abused compromised content management systems (CMS) of news websites or spoofed email accounts to disseminate fake news.

Now Serhiy Demedyuk, deputy secretary of the national security and defence council, told Reuters, that the Ukrainian government blamed the UNC1151 APT group. Demedyuk explained that the attacks were carried out to cover for more destructive actions behind the scenes. 

The nation-state group is using the compromised accounts to target contacts in the victims’ address books. Attackers spear-phishing messages have been sent from email accounts using the domains 

i.ua-passport.space
 and 
id.bigmir.space
.

The phishing messages used a classic social engineering technique in the attempt to trick victims into providing their information to avoid the permanent suspension of their email accounts.

The phishing attacks are also targeting Ukrainian citizens, reported the State Service of Special Communications and Information Protection of Ukraine (SSSCIP).

Phishing and Communication Channels: A Guide to Identifying and Mitigating Phishing Attacks

Tags: spear-phishing

Feb 15 2022

How to Detect Phishing Mails and Websites

Category: PhishingDISC @ 10:18 am
How to Detect Phishing Mails and Websites

Concerning e-mails, pay attention to the following features:

  • Impersonal form of address:The sender of the e-mail does not know your correct name. The mail begins with “Dear costumer” instead of “Dear Mrs. / Mr. XY”. Perhaps you name is inserted, but misspelled.
  • The sender is using threads:The sender threatens you, e.g. “if you don’trefresh your password you account will be locked”.
  • Request for confidential data:You are straightforwardly asked for confidential data like your PIN / password, your online bank access or your credit card number.The whole thing is backed up with a threat.
  • Links and forms:The e-mail contains forms and links which you are obliged to use if you do not want to receive any disadvantages.
  • Bad language:Sometimes, not always, the messages are written in bad English, sometimes interspersed with Cyrillic letters or special character like $ or &.

Be vigilant even with well-worded texts! If in doubt, always check with the alleged sender, for example you house bank or Amazon. Go to the original website to contact the real customer service, don’t use any links or e-mail-addresses you find in the mail.

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails

Tags: Phishing Mails and Websites

Feb 14 2022

Analyzing Phishing attacks that use malicious PDFs

Category: PhishingDISC @ 10:20 am
Analyzing Phishing attacks that use malicious PDFs

Cybersecurity researchers Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks

Every day everybody receives many phishing attacks with malicious docs or PDFs. I decided to take a look at one of these files. I did a static analysis and I went straight to the point to make this reading simple and fast.

Here is the received email as it was from the Caixa Economica Federal bank, but we can see the sender uses Gmail services and a strange name.

phishing PDFs

verified this e-mail header using MXtoolbox, and we can see the IP used by the sender (attacker).

phishing PDFs

Below is the reputation of the IP used by the attacker.

phishing PDFs

We can see this IP has a lot of mentions about malicious activities.

phishing PDFs

I downloaded this file in my VPS (Kali Linux) and used peepdf to do an analysis of the file structure, and I found 2 URIs in objects 3 and 5.

After I checked objects 3 and 5 using pdf-parser, I discovered a malicious URL in the 3.

Tools used during the analysis:

Phishing Attacks: Advanced Attack Techniques

Tags: phishing attacks

Feb 04 2022

Microsoft blocked tens of billions of brute-force and phishing attacks in 2021

Category: PhishingDISC @ 12:31 pm
Microsoft blocked tens of billions of brute-force and phishing attacks in 2021

Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year.

Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks last year.

The IT giant added has blocked more than 25.6 billion Azure AD brute force authentication attacks and detected 35.7 billion phishing emails with Microsoft Defender for Office 365 in 2021.

Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute force attacks. However, only 22 percent of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, have implemented a strong identity authentication protection as of December 2021. 

“MFA and passwordless solutions can go a long way in preventing a variety of threats and we’re committed to educating customers on solutions such as these to better protect themselves. From January 2021 through December 2021, we’ve blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365.” states Microsoft.

Microsoft added that its Defender for Endpoint blocked more than 9.6 billion malware threats
targeting enterprise and consumer customer devices, between January and December 2021.

Microsoft pointed out that online threats are increasing in volume, velocity, and level of sophistication. The company introduced Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research.

Cyber Signals provide trend analysis and practical guidance to strengthen the defense of its customers. 

“With Cyber Signals, we’ll share trends, tactics, and strategies threat actors use to gain access to the hardware and software that houses one’s most sensitive data. We will also help inform the world on how, collectively, we can protect our most precious digital resources and our digital lives so we can build a safer world together.” concludes Microsoft.

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails 

IBM Cybersecurity Fundamentals Professional Certificate

Tags: brute-force, phishing attacks

Dec 02 2021

How phishing kits are enabling a new legion of pro phishers

Category: PhishingDISC @ 12:46 pm
How phishing kits are enabling a new legion of pro phishers

It’s no wonder then that so many use phishing as their default attack method. Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.

After analyzing three months of phishing email traffic, we found that most attacks follow the money to either big tech or leading financial firms. Facebook, Apple and Amazon were the most popular tech brands being spoofed in phishing URLs. On the financial side, Charles Schwab was by far the most popular target, and was the most used brand URL overall, accounting for 13.5 percent of all cases. Chase Bank – an American subsidiary of JP Morgan Chase & Co – RBC Royal Bank and Wells Fargo were also widely used in phishing URLs.

Our investigation found that Chase has received a growing level of attention from cyber criminals over the last year, so we took a deeper dive into the tactics being used to target the bank’s customers.

The shift to mobile

One of the most prominent trends apparent in our investigation was the growing focus on mobile devices as part of phishing attacks. SMS text messages, WhatsApp and other mobile messaging services are increasingly used to launch attacks.

Attackers are adopting these methods in response to stronger email security solutions. The average mobile device is less likely to be well secured against phishing compared to a desktop endpoint. Even if the mobile device has a business email application on it, channels such as SMS and WhatsApp will bypass any anti-phishing protection it might have.

Threat actors may also mix email and mobile messaging in a single attack, for example sending a phishing email which includes a QR code that must be scanned by a smartphone, thereby jumping the attack over to the mobile endpoint. We have seen an uptick in QR-based attacks as the relatively overlooked technology became more popular during the pandemic. These attacks are again effective at evading traditional email security tools, as the QR code itself is not a malicious asset and its link destination cannot be read by detection technologies optimized for text URLs and virus signatures.

Mobile-based phishing attacks are also harder to identify due to mobile devices’ smaller screen and simplified layout, compounding the lack of security solutions on mobile.

How phishing kits mean anyone can phish like a pro

Cyber Fraud: Tactics, Techniques and Procedures

Tags: Cyber Frauds, phishing kits

Oct 13 2021

How Coinbase Phishers Steal One-Time Passwords

Category: Information Security,PhishingDISC @ 2:40 pm

A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.

Coinbase is the world’s second-largest cryptocurrency exchange, with roughly 68 million users from over 100 countries. The now-defunct phishing domain at issue — coinbase.com.password-reset[.]com â€” was targeting Italian Coinbase users (the site’s default language was Italian). And it was fairly successful, according to Alex Holden, founder of Milwaukee-based cybersecurity firm Hold Security.

More details on: How Coinbase Phishers Steal One-Time Passwords

Tags: Phishers Steal One-Time Passwords

Oct 13 2021

Cybersecurity awareness month: Fight the phish!

Category: Information Security,PhishingDISC @ 8:44 am
Cybersecurity awareness month: Fight the phish!

It’s the second week of Cybersecurity Awareness Month 2021, and this week’s theme is an alliterative reminder: Fight the Phish!

Unfortunately, anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it’s what computer scientists or mathematical analysts call a solved game.

Tic-tac-toe (noughts and crosses outside North America), for example, is a solved game, because it’s easy to create a list of every possible play, and figure out the best possible move from every game position on the list. (If neither player makes a mistake then the game will always be a draw.)

Even games that are enormously more complex have been “solved” in this way too, such as checkers (draughts)



and in comparison to playing checkers, spotting phishing scams feels like an easy contest that the recipient of the message should always win.

And if phishing is a “solved game”, surely it’s not worth worrying about any more?

How hard can it be?

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails

Don’t Get Caught

Tags: Cybersecurity Awareness Month 2021, Fight the phish, phishing, phishing countermeasures, Phishing Dark Waters

Sep 21 2021

Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?

Category: PhishingDISC @ 11:23 am

Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.

Hackers are upping their game, using an approach I call “Deep Sea Phishing,” which is the use of a combination of the techniques described below to become more aggressive. To keep pace, cybersecurity innovators have been working diligently to develop tools, techniques and resources to improve defenses. But how can organizations fight against evolving threats that have yet to be launched—or even conceived of?

For example, in February, 10,000 Microsoft users were targeted in a phishing campaign which sent emails purporting to be from FedEx, DHL Express and other couriers which contained links to phishing pages hosted on legitimate domains, with the goal of obtaining recipients’ work email credentials. Use of legitimate domains allowed the emails to evade security filters, and people’s pandemic-related reliance on delivery services and habituation to similar messages boosted success rates.

And in May, attackers launched a massive, sophisticated payment-themed phishing campaign. The phishing emails urged users to open an attached “payment advice” – which was, in fact, not an attachment at all but rather an image containing a link to a malicious domain. When opened, Java-based STRRAT malware was downloaded onto the endpoint and via a command-and-control (C2) server connection, ran backdoor functions such as collecting passwords from browsers, running remote commands and PowerShell, logging keystrokes and other criminal activity.

Phishing is no longer the basement-brewed, small-scale nuisance of cyber lore, either. Today, nearly 70 percent of cyberattacks – like like those cited above – are orchestrated by organized crime or nation-state affiliated actors. With many recovery tabs running into the millions, organizations need a solution that can safeguard them from attacks that have not yet been engineered — i.e., zero-day attacks that can cause the most damage.

But before we tackle the issue of defense, let’s first take a look at just what we’re defending against. The types of phishing tactics noted below are listed in ascending order of sophistication.

Types of Phishing

Tags: Deep-Sea Phishing

Sep 16 2021

Phishing Staff Awareness Training

Category: PhishingDISC @ 10:08 am

Microsoft has been warning of a “widespread” phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials.

ITG Phishing Staff Awareness Training Program educates your staff on how to respond to these types phishing attacks 📧

Phishing Staff Awareness E-Learning Course

Phishing Staff Awareness E-Learning Course

Tags: phishing, phishing training

Aug 30 2021

Men, Executives Pose Higher Cybersecurity Risk

Category: Cyber Threats,Phishing,social engineeringDISC @ 1:12 pm
Men, Executives Pose Higher Cybersecurity Risk

When it comes to online behaviors, women are far safer than men, according to a wide-ranging survey from SecurityAdvisor.

Despite the fact that women made up 42% of the sample data, they account for 48% of the top safe users and only 26% of risky users. Men, on the other hand, account for 74% of risky users: A big driver of these risky behaviors stems from men’s and women’s online behaviors.

According to SecurityAdvisor’s data, men are more likely to visit dangerous adult websites, use P2P software and watch pirated content than women.

SecurityAdvisor analyzed more than 500,000 malicious emails and an additional 500,000+ dangerous website visits by enterprise employees in more than twenty countries. Employees range from entry-level to executives and operate across many industries, including health care, financial services, communications, professional services, energy and utilities, retail and hospitality.

“Our partner here, Kelley McElhaney from Berkeley University, noted that women are more aware of long-term ramifications of risky behaviors,” SecurityAdvisor CEO Sai Venkataraman said. “Also, society tends to tolerate failures by dominant groups better, hence men don’t fear the consequences or fear consequences less.”

He also pointed out that men, from an early age, are socialized to take risks and win, hence they are less afraid of a potential negative outcome and engage in riskier behaviors.

cybersecurity alert fatigue

C-Level Executives are Prime Targets

CYBER SECURITY FOR TOP EXECUTIVES: Everything you need to know about Cybersecurity by [Alejandra Garcia]
CYBER SECURITY FOR TOP EXECUTIVES

Tags: Higher Cybersecurity Risk

Apr 07 2021

Crooks use Telegram bots and Google Forms to automate phishing

Category: PhishingDISC @ 9:04 am
Crooks use Telegram bots and Google Forms to automate phishing

Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has found that cybercriminals increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Alternative ways to obtain data help cybercriminals keep it safe and start using the information immediately. In addition, ready-to-go platforms that automate phishing and which are available on the darknet also have Telegram bots at their core, with an admin panel that is used to manage the entire process of the phishing attack and keep financial records linked to them. Such platforms are distributed under the cybercrime-as-a-service model, which subsequently leads to more groups conducting attacks. They also widen the scope of cybercriminal activity.

Group-IB’s Computer Emergency Response Team (CERT-GIB) analyzed the tools used to create phishing web pages (phishing kits) and discovered that, in the past year, they were most often used to generate web pages mimicking online services (online tools to view documents, online shopping, streaming services, etc.), email clients, and — traditionally — financial organizations. Last year, Group-IB identified phishing kits targeting over 260 unique brands.

A phishing kit is a toolset that helps create and operate phishing web pages that mimic a specific company or even several at once. Phishing kits are usually sold on underground forums on the darknet. For cybercriminals who do not have strong coding skills, phishing kits are a way to effortlessly build infrastructure for large-scale phishing campaigns and quickly resume an operation if it’s blocked. By extracting phishing kits, cybersecurity analysts can identify the mechanism used to carry out the phishing attack and figure out where the stolen data is sent. In addition, a thorough examination of phishing kits helps analysts detect digital traces that might lead to the developers of the phishing kit.

In 2020, as in the previous year, the main target for cybercriminals were online services (30.7%). By stealing user account credentials, hackers gain access to the data of linked bank cards. Email services became less appealing last year, with the share of phishing kits targeting them dropping to 22.8%. Financial institutions turned out to be the third favorite among scammers, with their share totaling above 20%. In 2020, the brands most often exploited in phishing kits were Microsoft, PayPal, Google, and Yahoo.

Tags: phishing threats

Mar 08 2021

Catches of the month: Phishing scams for March 2021

Category: PhishingDISC @ 12:10 am
Catches of the month: Phishing scams for March 2021

Feb 12 2021

How to Keep your Company safe from Phishing Attacks

Category: PhishingDISC @ 12:14 pm
How to Keep your Company safe from Phishing Attacks

Jan 31 2021

Security Awareness – Phishing and Ransomware

Category: Phishing,RansomwareDISC @ 11:44 pm

Jan 22 2021

Key 2021 Insights: Proactive Security Needed for Ransomware, Phishing

Category: Information Security,Phishing,RansomwareDISC @ 12:03 pm

Healthcare leaders will need to shift into a proactive security approach into 2021, if they hope to defend against the onslaught of ransomware and phishing threats.

The ransomware surge during the last few months has already continued into 2021. And though the malware will remain a key trend into this year, healthcare industry stakeholders will need adopt a proactive security approach and secure key entry points, including phishing threats and vulnerable endpoints.

Listen to the full podcast to learn more about Xtelligent Healthcare Media’s predictions for 2021. And don’t forget to subscribe on iTunes, Spotify, or Google Podcasts.

Xtelligent Healthcare Media Editors recently compiled predictions for the healthcare sector in the year ahead on a Healthcare Strategies podcast episode. In the healthcare security space, leaders can expect continued email-based attacks and other schemes that prey on COVID-19 fears.

Source: Proactive Security Needed for Ransomware, Phishing

Sep 24 2020

SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!

Category: PhishingDISC @ 11:01 pm

If you got someone else’s “free offer” in what looked like a misdirected message, would you take a peek?

Dear Christopher, we have your packet in queue. Address: Londonderry, 
Ballynagard crescent http COLON SLASH SLASH xxxxxxxx DOT com SLASH zzzzzzz

The message is meant to look as though it was sent to the wrong number, so the crooks are relying on you being intrigued enough to click through, whereupon they use some sneaky “reverse authentication” psychology to lure you in further

Source: SMS phishing scam pretends to be Apple “chatbot” – don’t fall for it!




« Previous PageNext Page »