Ah, phishing. It’s cybercriminals’ favorite fraud technique because it’s the easiest bait to reel in their victims.
The aim is to deceive and exploit, often for financial gain. To do this, attackers trick their targets into clicking malicious links or downloading malware that steals sensitive information: passwords, credit card numbers, bank account details, and other confidential data.
That’s the general gist, but cybersecurity company Kaspersky delves into how a phishing campaign actually unfolds, using as its case study targeted phishing attacks aimed at businesses worldwide that the company spotted in April 2022.
First, the scammers would send an email pretending to be a potential client and ask for information about the victim’s products and services. Once the victim replies to this email, the attackers will launch a phishing attack.
Stage 1
Attackers email the victim company pretending to be a legit trade organization, to ask for more information about their products. The email looks believable and has no suspicious elements, such as phishing links or attachments.
However, one element of the email is suspicious: the sender address uses a free domain (like gmail.com). Free domains are rarely used in business, and it is common for attackers to use them in targeted phishing.
Most often, in targeted attacks, attackers either use spoofing of the legitimate domain of the organization they are pretending to be or register domains similar to the original one.
Stage 2
After the victim responds to the first email, the attackers send a new message asking them to go to a file-sharing site and view a PDF file containing a completed order, which is reachable via the link in the message.
Stage 3
By clicking the link, the user is taken to a fake site generated by a well-known phishing kit. It is a relatively simple tool that generates phishing pages to steal credentials from specific resources. Our solutions blocked fake WeTransfer and Dropbox pages created with this kit.
Stage 4
When victims attempt to log in, their usernames and passwords are sent to the attackers.
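As an added example (not code from the article or from Kaspersky), a small Python triage check that flags the two indicators the stages above describe: a sender on a free-mail domain (Stage 1) and a link whose host borrows the WeTransfer or Dropbox name without being that brand's genuine domain (Stage 3). The free-mail list, the brand-to-domain table, the `example.net` host and both sample messages are constructed for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse
# Stage 1 indicator: free-mail domains rarely used by real trade organizations (constructed list)
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Stage 3 indicator: brands the fake pages imitated, mapped to their genuine hosts (assumed allowlist)
FILE_SHARING_BRANDS = {"wetransfer": {"wetransfer.com"}, "dropbox": {"dropbox.com"}}
URL_RE = re.compile(r"""https?://[^\s<>"']+""")

def sender_domain(msg):
    """Domain part of the From: header, lower-cased; empty if absent."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""

def imitated_brand(host):
    """Brand whose name the host borrows without being that brand's genuine domain, else None."""
    for brand, real_hosts in FILE_SHARING_BRANDS.items():
        genuine = any(host == h or host.endswith("." + h) for h in real_hosts)
        if brand in host and not genuine:
            return brand
    return None

def score_message(raw):
    """Return the phishing indicators found in one RFC 822 message (empty list if none)."""
    msg = message_from_string(raw)
    findings = []
    dom = sender_domain(msg)
    if dom in FREE_MAIL_DOMAINS:
        findings.append(f"free-mail sender domain {dom}")
    for url in URL_RE.findall(msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        brand = imitated_brand(host)
        if brand:
            findings.append(f"link host {host} imitates {brand}")
    return findings

# Constructed samples: the campaign's second-stage mail and a genuine file-sharing notification
STAGE2_EMAIL = """From: Acme Trading Ltd <acme.trading.orders@gmail.com>
Subject: Re: Request for product information

Thanks. The completed order is here: https://wetransfer-download.example.net/order.pdf
"""
GENUINE_EMAIL = """From: Jane Doe <jane@example.com>
Subject: Files

https://wetransfer.com/downloads/abc123
"""
if __name__ == "__main__":
    for name, raw in (("stage2", STAGE2_EMAIL), ("genuine", GENUINE_EMAIL)):
        print(name, score_message(raw) or "no indicators")
```

A real mail gateway would add the third indicator from the article, a look-alike of the impersonated organization's own domain, which needs a list of the organizations a company actually trades with.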
This particular campaign peaked in May and ended in June 2022. It targeted several countries: Russia, Bosnia and Herzegovina, Singapore, USA, Germany, Egypt, Thailand, Turkey, Serbia, Netherlands, Jordan, Iran, Kazakhstan, Portugal, and Malaysia.
“Clearly, phishing is a tool used frequently by cybercriminals. Because its nature requires a user’s participation – the mere clicking of a link or opening of a file – it’s urgent for everyone to know how phishing really works so we can avoid falling prey to it,” said Adrian Hia, Managing Director for Asia Pacific at Kaspersky.