Cyber Security

Scammer Phishes But Don’t Take the Byte: A Closer Look at Phishing Campaigns by Kaspersky

235
(source: Markus Spiske | Unsplash)

Ah, phishing. It’s cybercriminals’ favorite fraud technique because it’s the easiest bait to reel in their victims.

The aim is to deceive and exploit, often for financial gain. To do this, attackers would trick their target into clicking malicious links or downloading malware that would steal sensitive information. That includes theft of passwords, credit card numbers, bank account details, and other confidential information.

That’s the general gist, but cybersecurity company Kaspersky delves into how a phishing campaign happens. Mainly targeted phishing attacks aimed at businesses worldwide that were spotted by the company in April 2022.

First, the scammers would send an email pretending to be a potential client and ask for information about the victim’s products and services. Once the victim replies to this email, the attackers will launch a phishing attack.

Stage 1

Attackers email the victim company pretending to be a legit trade organization, to ask for more information about their products. The email looks believable and has no suspicious elements, such as phishing links or attachments.

Example of the first email

However, the only bit suspicious in the email would be the address, which bears a free domain (like gmail.com). Remember, free domains are rarely used in business. And it’s also common for attackers to use free domains for targeted phishing.

Most often, in targeted attacks, attackers either use spoofing of the legitimate domain of the organization they are pretending to be or register domains similar to the original one.

Stage 2

After victims respond to a first email, attackers send a new message, asking them to go to a file-sharing site and view a PDF file with a completed order, which can be found via the link.

An email with a link

Stage 3

By clicking the link, the user is taken to a fake site generated by a well-known phishing kit. It is a relatively simple tool that generates phishing pages to steal credentials from specific resources. Our solutions blocked fake WeTransfer and Dropbox pages created with this kit.

A fake Dropbox page

Stage 4

When victims attempt to log in, their usernames and passwords are sent to the attackers.

HTML representation of a phishing form

This particular campaign peaked in May and ended in June 2022. It targets several countries: Russia, Bosnia and Herzegovina, Singapore, USA, Germany, Egypt, Thailand, Turkey, Serbia, Netherlands, Jordan, Iran, Kazakhstan, Portugal, and Malaysia.

“Clearly, phishing is a tool used frequently by cybercriminals. Because its nature requires a user’s participation – the mere clicking a link or opening of a file – it’s urgent for everyone to know how phishing really works so we can avoid falling prey against it,” said Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Daddy’s Day Out is a platform that celebrates modern masculinity and offers a space where men can unite, learn, and grow together. It fosters a community where authenticity, support, and self-expression thrive unapologetically.

Related Articles

Tenable’s Research Discovers Vulnerable Cyber Assets Across SEA’s Financial Sector

Exposure Management Company Tenable conducted new research that uncovered over 26,500 potential...

Kaspersky Warns of Fake Fundraisers For the Telegram Founder Advocacy

In the wake of developments about Pavel Durov, founder of Telegram, being...

Overcoming Challenges and Easing the Workload for Cybersecurity Teams with AI — Kaspersky

In dealing with various amounts of cyberattacks on a daily basis, especially...

Say Goodbye to Fakes: Kaspersky Enhances Automated Security Awareness Platform with AI-Centric Course Module

Kaspersky launched a new AI-focused module in its Automated Security Awareness Platform...