Cyber Security

Scammer Phishes But Don’t Take the Byte: A Closer Look at Phishing Campaigns by Kaspersky

(source: Markus Spiske | Unsplash)

Ah, phishing. It’s cybercriminals’ favorite fraud technique because it’s the easiest bait to reel in their victims.

The aim is to deceive and exploit, often for financial gain. To do this, attackers would trick their target into clicking malicious links or downloading malware that would steal sensitive information. That includes theft of passwords, credit card numbers, bank account details, and other confidential information.

That’s the general gist, but cybersecurity company Kaspersky delves into how a phishing campaign happens. Mainly targeted phishing attacks aimed at businesses worldwide that were spotted by the company in April 2022.

First, the scammers would send an email pretending to be a potential client and ask for information about the victim’s products and services. Once the victim replies to this email, the attackers will launch a phishing attack.

Stage 1

Attackers email the victim company pretending to be a legit trade organization, to ask for more information about their products. The email looks believable and has no suspicious elements, such as phishing links or attachments.

Example of the first email

However, the only bit suspicious in the email would be the address, which bears a free domain (like Remember, free domains are rarely used in business. And it’s also common for attackers to use free domains for targeted phishing.

Most often, in targeted attacks, attackers either use spoofing of the legitimate domain of the organization they are pretending to be or register domains similar to the original one.

Stage 2

After victims respond to a first email, attackers send a new message, asking them to go to a file-sharing site and view a PDF file with a completed order, which can be found via the link.

An email with a link

Stage 3

By clicking the link, the user is taken to a fake site generated by a well-known phishing kit. It is a relatively simple tool that generates phishing pages to steal credentials from specific resources. Our solutions blocked fake WeTransfer and Dropbox pages created with this kit.

A fake Dropbox page

Stage 4

When victims attempt to log in, their usernames and passwords are sent to the attackers.

HTML representation of a phishing form

This particular campaign peaked in May and ended in June 2022. It targets several countries: Russia, Bosnia and Herzegovina, Singapore, USA, Germany, Egypt, Thailand, Turkey, Serbia, Netherlands, Jordan, Iran, Kazakhstan, Portugal, and Malaysia.

“Clearly, phishing is a tool used frequently by cybercriminals. Because its nature requires a user’s participation – the mere clicking a link or opening of a file – it’s urgent for everyone to know how phishing really works so we can avoid falling prey against it,” said Adrian Hia, Managing Director for Asia Pacific at Kaspersky.

Written by
Tech Beat Philippines

Tech Beat Philippines is the social media news platform for all things technology. It is also a part of the GEARS section on Daddy's Day Out.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Daddy’s Day Out is a platform that celebrates modern masculinity and offers a space where men can unite, learn, and grow together. It fosters a community where authenticity, support, and self-expression thrive unapologetically.

Related Articles

Ahead of the Curve: Kaspersky’s Projections for 2024’s Advanced Threats Landscape

Kaspersky Global Research and Analyses Team (GReAT) experts offer insights and projections...

Staff Missteps Equally Damaging As Hacking in APAC, Reveals Kaspersky’s Global Study

According to a study by Kaspersky, insider breaches are as risky as...

Scam Rates Soar: Philippines Leads with Highest Shopping Scam Rate among 11 Asian Nations at 36%

The Cybercrime Investigation and Coordinating Center (CICC) issued a public warning to...

Beware of Online Fake Accounts Using NAIA, Warns Airport General Manager 

General manager Bryan Co of Manila International Airport Authority (MIAA) warns against...