Catch of the Day: Scam as a Service Phish
Chef’s Special: Vanishing Act Phish
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent in by clients, by readers like you, and by other reliable sources on the Internet.
You can send phishing samples to me at firstname.lastname@example.org.
My intention is to provide a warning and to show current examples of phishing scams, related articles, and education about how these scams and exploits work and how to detect them in your inbox.
Now entering its third year in business, the phishing platform Classiscam represents one of the most mature "as a service" cybercrime offerings, supporting more than 1,000 attack groups worldwide.
What do cybercriminals need for a successful attack? A convincing email, a list of potential target email addresses, and a website to harvest payment details, bank login credentials and the like. That last part is usually the barrier to entry for anyone wanting to get into cybercrime.
But the scam-as-a-service platform Classiscam has evolved its operations over the years, according to a new report by cybersecurity vendor Group-IB. It now offers a template-based service with which attackers can generate brand-impersonating web pages, with localization support that lets them expand their attacks globally.
According to Group-IB, 251 unique brands were impersonated over the last two years across 79 countries. More than 38,000 individual scammers have used the service from 2020 through this year, and Classiscam's operators are estimated to have taken in $64.5 million over that period.
The platform has so far been used to target the EMEA, Latin America and APAC regions, and the potential for it to expand into North America is high.
The real danger for organizations is the templated phishing sites: because the templates are continually monitored and refined, attackers become more successful, and targets are more likely to become victims.
All the more reason to keep your users vigilant through continual security awareness training, so that the phishing emails that precede the Classiscam pages are obvious to them.
Blog post with links:
Researchers at Barracuda describe how attackers use legitimate email inbox rules to control compromised accounts and evade detection.
“In order to create malicious email rules, the attackers need to have compromised a target account, for example, through a successful phishing email or by using stolen credentials seized in an earlier breach,” the researchers write.
“Once the attacker is in control of the victim’s email account — a type of attack known as an account takeover — they can set one or more automated email rules, a simple process that enables the attackers to maintain stealthy, persistent access to the mailbox — something they can use for a whole variety of malicious purposes.”
Inbox rules can be exploited to carry out further social engineering attacks using the compromised accounts. “BEC attacks are all about convincing others that an email has come from a legitimate user, in order to defraud the company and its employees, customers, or partners,” the researchers write.
“Attackers could set a rule that deletes all inbound emails from a certain colleague, such as the Chief Finance Officer (CFO). This allows the attackers to pretend to be the CFO, sending colleagues fake emails to convince them to transfer company funds to a bank account controlled by the attackers.”
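The rule patterns Barracuda describes (delete or hide mail from a specific sender, forward it outside the company, filter on finance keywords) are easy to hunt for once you have a mailbox's rules exported. The script below is an added example of that triage, my own code rather than Barracuda's or KnowBe4's. It assumes the rules are exported in the shape of Microsoft Graph messageRule objects; the three sample rules, the internal domain corp.example and the attacker address are constructed for the demonstration, and folder names stand in for the folder IDs Graph actually returns.

```python
"""Triage a mailbox's inbox rules for the persistence and BEC patterns above.

Added example, not Barracuda's or KnowBe4's code. Assumes rules exported in
the shape of Microsoft Graph `messageRule` objects; the sample is constructed
and folder names stand in for Graph folder IDs.
"""
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample export: one benign rule (r1) and two attacker-style
# rules (r2 silences the CFO, r3 leaks finance threads and hides the copies).
SAMPLE_RULES_JSON = """
[
  {"id": "r1", "displayName": "Newsletters", "isEnabled": true,
   "conditions": {"subjectContains": ["digest"]},
   "actions": {"moveToFolder": "Newsletters", "markAsRead": true}},
  {"id": "r2", "displayName": ".", "isEnabled": true,
   "conditions": {"fromAddresses": [{"emailAddress": {"address": "cfo@corp.example"}}]},
   "actions": {"delete": true, "markAsRead": true, "stopProcessingRules": true}},
  {"id": "r3", "displayName": "Sync", "isEnabled": true,
   "conditions": {"bodyContains": ["invoice", "wire", "payment"]},
   "actions": {"forwardTo": [{"emailAddress": {"address": "archive@attacker.example"}}],
               "moveToFolder": "RSS Subscriptions"}}
]
"""

# Hypothetical tenant context: domains that count as internal.
INTERNAL_DOMAINS = {"corp.example"}
# Folders attackers use to park mail where the owner will not look.
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history",
                  "junk email", "deleted items", "archive"}
# Terms a BEC-oriented rule filters on to intercept finance/credential threads.
SENSITIVE_KEYWORDS = {"invoice", "wire", "payment", "bank", "password", "mfa"}


@dataclass
class Finding:
    rule_id: str
    name: str
    enabled: bool
    reasons: List[str]


def _addresses(entries) -> List[str]:
    """Flatten Graph recipient objects to lowercase addresses."""
    return [e.get("emailAddress", {}).get("address", "").lower() for e in entries or []]


def _is_external(addr: str) -> bool:
    return "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS


def triage_rule(rule: dict) -> Optional[Finding]:
    """Return a Finding if the rule matches any suspicious pattern, else None."""
    reasons: List[str] = []
    actions = rule.get("actions", {})
    conds = rule.get("conditions", {})

    # 1. Rules that make mail disappear.
    if actions.get("delete") or actions.get("permanentDelete"):
        reasons.append("deletes matching mail")
    folder = actions.get("moveToFolder") or ""
    if folder.lower() in HIDING_FOLDERS:
        reasons.append(f"moves matching mail to rarely-read folder '{folder}'")

    # 2. Rules that leak mail outside the organisation.
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        external = [a for a in _addresses(actions.get(key)) if _is_external(a)]
        if external:
            reasons.append(f"{key} external address(es): {', '.join(external)}")

    # 3. Suppression aimed at specific senders is the CFO-impersonation setup.
    senders = _addresses(conds.get("fromAddresses"))
    if senders and (actions.get("delete") or folder.lower() in HIDING_FOLDERS):
        reasons.append("silences specific sender(s): " + ", ".join(senders))

    # 4. Keyword filters on finance / credential terms.
    words = {w.lower() for k in ("subjectContains", "bodyContains", "bodyOrSubjectContains")
             for w in conds.get(k, [])}
    hits = sorted(words & SENSITIVE_KEYWORDS)
    if hits:
        reasons.append("filters on sensitive keywords: " + ", ".join(hits))

    # 5. Attackers often give rules empty or punctuation-only names.
    name = rule.get("displayName", "")
    if not name.strip(" .,_-"):
        reasons.append("near-empty rule name")

    if not reasons:
        return None
    return Finding(rule.get("id", "?"), name, rule.get("isEnabled", True), reasons)


def triage_rules(rules: List[dict]) -> List[Finding]:
    return [f for f in (triage_rule(r) for r in rules) if f]


def triage_sample() -> List[Finding]:
    return triage_rules(json.loads(SAMPLE_RULES_JSON))


if __name__ == "__main__":
    for f in triage_sample():
        state = "enabled" if f.enabled else "disabled"
        print(f"[{f.rule_id}] {f.name!r} ({state}): " + "; ".join(f.reasons))
```

On the constructed sample the benign newsletter rule passes and the two attacker rules are flagged, r2 for deleting the CFO's mail under a punctuation-only name and r3 for forwarding finance threads externally and hiding the originals in the RSS folder. Run it against a real export and expect a few false positives from legitimate archiving rules; the point is to review each hit by hand, not to auto-delete rules.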
[CONTINUED] at the KnowBe4 blog: