Phishers Using Increasingly Convincing Lures in 2021!

Share This Post

An intense hunt for corporate account credentials will continue into the next quarter, researchers have predicted.

Variants on banking scams & corporate-account hunters using increasingly clever lures, including those with COVID-19 vaccine promises, will likely dominate the spam & phishing landscape throughout Q2 2021, concluded researchers.

Seemingly no new wild trends have emerged, but Kaspersky researchers, who just released their report for Q1 2021, observed that the spear-phishing tactics attackers are using against victims are improving.

QR-Code Phishing Lures

For example, mobile banking scams are far from new, however, attackers have  now developed a couple of new methods.

In 1 case from Q1 2020, Kasperky reported that clients of several Dutch banks received a fraud email which prompted them to scan a QR code to “unlock” mobile banking. Instead, they were directed to a web page loaded with malware.

QR codes are an increasingly popular tool for threat players, especially since the pandemic. They have been used to access menus, check-in for vaccines & get public information.

Banking Scam

Another banking scam observed by Kaspersky researchers sent a fake newsletter posing as legitimate correspondence from MKB bank with updates on COVID-19, but instead delivered a scam Outlook sign-in page, attempting to harvest credentials.

Other phishing lures observed last quarter by Kaspersky included offers of government pay-outs, intended to steal credit-card information & personal data.

Vaccine Lures

COVID-19 vaccines are the most important topic around the world, & malicious players have capitalised on this over past several weeks.

“Cyber-criminals took advantage of people’s desire to get vaccinated as quickly as possible,” according to the report.

“For instance, some UK residents received an email that appeared to come from the NHS. In it, the recipient was invited to be vaccinated, having 1st confirmed their participation in the program by clicking on the link.”

Another particularly despicable COVID scam email specifically targeted people over 65 seeking a vaccine, the researchers also added.

Bank-Card Details

“In both cases, to make a vaccination appointment, a form had to be filled out with personal data; & in the 1st case, the phishers also wanted bank-card details,” the report explained. “If the victim followed all the instructions on the fake website, they handed their money and personal data to the attackers.”

Fraudsters also sent out scam vaccination surveys, which were emails doctored up to look like they were from pharmaceutical companies making vaccines, asking for input.

“Participants were promised a gift or cash reward for their help,” the report added. “After answering the questions, the victim was redirected to a page with the ‘gift.’”

The victim was then asked for personal information, or in some cases, even payment information to pay for delivery of the “prize.”

Scammers also sent emails convincingly disguised to look like they were sent from Chinese vaccine-makers.

Corporate Credentials

Because consumers are getting better at spotting scams, attackers are getting expert at making their communications seem real. This is especially important in trying to score what Kaspersky calls “a coveted prize for scammers:” corporate usernames & passwords.

“To counter people’s increasingly wary attitude to emails from outside, attackers try to give their mailings a respectable look, disguising them as messages from business tools & services,” Kaspersky observed. “By blending into the workflow, the scammers calculate that the user will be persuaded to follow the link & enter data on a fake page.”

Malicious Link

The team observed a malicious link being delivered through Microsoft Planner, and in Russia, they discovered an email posing as a message from an analytics portal support team. Both asked for corporate-account credentials.

“Old techniques, such as creating a unique fake page using JavaScript, were combined in Q1 with overtly business-themed phishing emails,” the report observed. “If previously scammers used common, but not always business-oriented, services as bait, the new batch of emails cited an urgent document awaiting approval or contract in need of review.”

The ‘Less is More’ Lure

Another interesting lure type highlighted by the Kaspersky report asks for just a tiny amount of money to complete the scam transaction. In 1 example the team gives, the criminals only asked for 1.99 Rubles ($.27).

“The calculation was simple: Users would be less averse to paying a small amount than a larger one, which means more potential victims willing to enter card details on the bogus site,” the report explained. The emails usually had themes around everyday services like deliveries, fake “invoices” for domain usage or a WhatsApp subscription.

Scam Lure

Facebook users were targeted last quarter by a scam lure saying their accounts were in violation of the platform’s terms of use, Kaspersky warned. The 1st link went to a legitimate Facebook page to reassure the victim that it was real. The 2nd link went to a phishing site.

“The attackers’ calculation was simple: 1st lull the victim’s vigilance with a legitimate link, then get them to enter their credentials on a fake page,” the report explained.

In all, spam traffic was down somewhat (by 2.1% in Q1.

Russian

The Russian-language internet (“Runet”) also saw a small drop in spam of less than 2%, the report added. Russia accounted for the largest % of outgoing spam with 22.47%, followed by Germany with 14.89%, Kaspersky found. The US & China meanwhile followed with 12.98% & 7.38% of the world’s spam traffic.

Malicious email attachments detected were also down, but Kaspersky explains that this is primarily due to a boost in the number of attachments blocked by mail antivirus.

Malware Families

The most common malicious attachments for spam emails in the quarter was the Agensla malware, outlines Kaspersky, with 8.91% of malicious trojan market; then Microsoft Equation Editor vulnerability exploits for CVE-2017-11882. The Badun family was 3rd with 5.79%.

“The Top 10 most common malicious attachments in Q4 corresponds exactly to the ranking of families,” the report explained. “This suggests that each of the above-described families was widespread largely due to 1 member.”

Online stores remain the most popular impersonation targets for phishing pages, the report added, accounting for 15.77% of those observed, Kaspersky stated. Global internet portals (15.5%) & banks (10.04%) were close behind.

Tourism-Related

Also, Kaspersky warns about a potential slight increase in tourism-related bait soon.

“As the summer season approaches, an increase in the number of emails related to tourism is possible; however, due to the pandemic, it is likely to be small,” the report suggested.

“On the other hand, cyber-criminals will almost certainly continue to actively hunt corporate-account credentials, exploiting the fact that many companies are still in remote-working mode & communication among employees is predominantly online.”

 

More To Explore

Community Area

Books

Home Workouts

Recipe

spaghetti Bolognese
Days
Hours
Minutes
Seconds