Tag Archives: Phishing

Posted on Author Atlantic Computer Services Categories Blog

Voicemail Phishing Attacks Called Vishing Are On The Rise

While “vishing” is by no means a new threat, it’s not something that has ever happened with sufficient frequency to get most people’s attention. So, if you haven’t heard the term before, you’re not alone.

“Vishing” is short for voicemail phishing, and it is apparently on the rise based on data collected by the security firm Zscaler. Attackers are specifically targeting tech firms and US military installations.

No actual voice mails are involved, which is interesting.  What the attackers do is send emails with links that supposedly point the way to voicemail messages stored on LinkedIn, WhatsApp, or other services. The idea behind the attacks are is to trick an unsuspecting recipient into disclosing his or her Outlook or Office 365 credentials.

To make their credential capture page more convincing, the attackers have even taken to deploying a CAPTCHA system, which makes the page look just annoying enough to be legitimate.

A spokesman for Zscaler had this to say about the company’s recent discovery of the surge in vishing attacks:

“Voicemail-themed phishing campaigns continue to be a successful social engineering technique for attackers since they are able to lure the victims to open the email attachments. This combined with the usage of evasion tactics to bypass automated URL analysis solutions helps the threat actor achieve better success in stealing the users’ credentials.”

The folks at Zscaler have a point. If your employees haven’t been made aware that this kind of attack is not only possible but growing in popularity in certain sectors, make sure they know what to be on the lookout for. Kudos to the sharp-eyed folks at Zscaler for spotting the trend.

We may not be able to keep hackers from making the attempt. However, if we can warn enough people about the tricks they’re using, we can frustrate their efforts and that’s a good start.

0
Posted on Author Atlantic Computer Services Categories Blog

Massive Phishing Attack Scammed Millions Of Facebook Messenger Users

According to research conducted by the cybersecurity firm PIXM, there is a massive phishing campaign that peaked in April and May of this year (2022) and it is still ongoing.

The campaign has lured millions of unsuspecting users to phishing pages by abusing Facebook and Facebook Messenger and tricking users into entering their account credentials.

Worse, the hackers then used those credentials to send additional phishing messages to friends of the affected users, luring them in as well and continuing the chain.

All told, the group behind the attack has been able to generate millions of dollars in revenue using these tactics.

Worst of all is that PIXIM’s research shows that this has been a long running campaign.  Although the group has only recently discovered it, the evidence they’ve uncovered shows that the campaign has been ongoing since at least September of 2021.

The group’s research is ongoing but so far they’ve found more than four hundred Facebook accounts tied to the campaign, which contain hooks to phishing pages.  Some of these poisoned profile pages have only been viewed a few thousand times. In other cases, they boast millions of views and of course, each view represents another potential victim.

Based on what the group has been able to piece together, they determined that in 2021 a total of 2.7 million users had visited one of the phishing pages. As of today, more than 8.5 million people have been lured to the phishing pages with no clear end in sight.

While this represents a tiny fraction of the total number of Facebook users on the platform, it is nonetheless a massive campaign.  If you’re a regular Facebook user, stay vigilant.  There are groups out there right now that are actively trying to lure you in and steal your data.  Don’t let that happen to you, your family, friends, or your coworkers.

0
Posted on Author Atlantic Computer Services Categories Blog

 New Phishing Attacks Use HTML Email Attachments

HTML attachments as an attack vector may seem a little old school. However, according to statistics compiled by Kaspersky Lab indicates that in 2022, that form of attack is not just simply still being employed, but hackers are making surprisingly regular use of it.  The security company detected more than two million emails of this kind targeting Kaspersky customers in the first four months of the year (2022).

The specific breakdown of monthly instances looks like this:

  • January 2022: 299,859 instances
  • February 2022: 451,020 instances
  • March 2022: 851,328 instances
  • And April 2022: 386,908 instances

The researchers aren’t clear on exactly what caused the huge spike in March but they note that it returned to expected levels the month following.

Using HTML attachments as an attack vector saw a big spike in 2019 and then it seemed to fall out of favor. The number of instances dropped markedly and prompted some security researchers to conclude that, based on current trajectories, the attack vector was on the way out.

The last four months seem to have disproved that notion and HTML attachments are back in fashion in the underbelly of the web.

It’s important to remember that merely opening these files is in many cases enough to have JavaScript run on your system. That could lead to the target system being hijacked using a malware-assembly-on-disk scheme that could allow it to bypass antivirus software entirely.

This isn’t something that gets mentioned very often in employee email safety training, but it should be.

As ever, the best defense against any type of phishing attack is to treat any incoming email message from a sender you don’t know with a healthy dose of skepticism. If that email contains an attachment, those attachments should be treated even more skeptically.

0
Posted on Author Atlantic Computer Services Categories Blog

New Phishing Attack Delivers Three Types Of Malware To Victims

Phishing campaigns get more effective the more closely they can imitate a trusted source.  Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect.

Among other things, this campaign gives the hackers behind it the ability to steal usernames, passwords, banking details, and more. That is in addition to leveraging the infected system to secretly mine for cryptocurrency, which finds its way into a wallet controlled by the hackers.

To lure victims into infecting themselves, the Phishing campaign’s contact emails are all designed to appear as a payment report from a legitimate trusted source, which contains an attached Microsoft Excel document. It is conveniently included for the recipient’s review. Naturally, anyone opening the attached document dooms themselves, as it is poisoned and contains scripts designed to install malicious payloads in the background.

Phishing campaigns remain one of the most popular infection methods in the hacking world.  They tend to gravitate to those techniques that work and require relatively little in the way of effort.

Phishing fits that bill perfectly.  It’s usually a trivial matter to create an email that’s virtually identical to one you might get from a trusted source, and hackers have been poisoning Microsoft Excel files since the earliest days of the internet.

As ever, the best defense against these types of attacks is vigilance and mindfulness.  A quick phone call to the trusted source that supposedly sent you the email communication is almost always enough to verify whether it is real. Shockingly, few users take this step.

In a similar vein, clicking on embedded links in an email or downloading files should be done with a healthy dose of caution. That includes another phone call to the trusted source to be sure they did in fact send you something.

Unfortunately, that’s a lot easier to teach than it is to implement, as employees don’t have a good track record with either of those things.

0
Posted on Author Atlantic Computer Services Categories Blog

Popular Service Being Used To Send Phishing Emails

Google SMTP relay service is wildly popular and used every day by legions of users.  Unfortunately, hackers around the world are aware of this and increasingly they’ve begun abusing the SMTP relay service.

The basic idea is as follows. Some clever hackers have figured out that they can bypass email security products and deliver malicious emails to their intended targets if they take advantage of certain weaknesses in Google’s SMTP relay service.

Researchers at the security firm Avanan have been tracking the phenomenon and have confirmed a sudden, dramatic spike in threat actors abusing the SMTP relay service beginning in April of this year (2022).

The relay service is offered by Google as part of Gmail and Google Workspace as a means of routing outgoing user emails.

Use of the SMTP relay is mostly a matter of convenience, as it means that users don’t have to manage an external server for marketing emails. So there’s no worry that their mail server may get added to someone else’s blocked list.

It is very handy but unfortunately, hackers have discovered that they can use the SMTP relay service to spoof other Gmail tenants without being detected, with one very important catch and caveat. If those domains have a DMARC policy configured with the ‘reject’ directive, the game is up, and the hacker’s attempt will fail.

Although this can be a serious problem, it also has a simple solution.  Just set a fairly strict DMARC policy and you’ll minimize your risk of your users falling victim to this type of attack.

As Google indicated on a recent blog post on this very topic:

“We have built-in protections to stop this type of attack. This research speaks to why we recommend users across the ecosystem use the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol. Doing so will defend against this attack method, which is a well-known industry issue.”

It’s good advice.  If you aren’t sure whether you’ve got a strict DMARC policy set, find out from your IT staff. If not, have them implement one right away.

0
1 2 3 4 5 13