Friday Phish Fry

Catch of the Day: Prevention Phish
Chef’s Special: Phishing Attacks Surge
Also serving: Phishing as a Service

Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double-clicking the image will display them in a photo viewer app.


CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

10/18/2023 08:00 AM EDT

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.

CISA and its partners encourage network defenders and software manufacturers to implement the recommendations in the guide to reduce the frequency and impact of phishing incidents. For more information, see CISA’s Malware, Phishing, and Ransomware and Security-by-Design and -Default webpages.

Phishing Attacks Surge by 173% In Q3, 2023; Malware Threats Soar by 110%

A new report from Vade Secure has found that phishing attacks rose by 173% in the third quarter of 2023, while malware threats have increased by 110%.

“While hackers were busy throughout Q3, they were most active in August, sending more than 207.3 million phishing emails, nearly double the amount from July,” the researchers write. “September was the second most active month for phishing (172.6 million emails), followed by July (113.4 million emails).”

Vade notes that Facebook and Microsoft remained the most commonly impersonated brands in Q3 2023. “Trends come and go, but Facebook and Microsoft have proven to be perennial favorites among hackers. Both brands have been the #1 or #2 most impersonated since 2020,” the researchers write.

“While Q3 2023 didn’t deviate much from the trend, it was exceptional for different reasons. Facebook was not only the most impersonated brand of the quarter (16,657 URLs), but it also experienced a 104% and 169% increase in phishing URLs compared to Q1 and Q2 2023, respectively (8,141 and 6,192).

“In this one quarter, Facebook saw more than 50% of its 2022 total (25,551). Facebook also accounted for more phishing URLs than the next seven most spoofed brands combined (16,657 vs. 16,432).”

The financial services industry saw the highest number of phishing URLs last quarter. “All industries saw a significant increase in phishing attacks,” Vade says. “Cloud, social media, and financial services all saw dramatic increases of 127%, 125%, and 121%, respectively. Government experienced the greatest increase of 292%, while e-commerce and logistics also grew by 62%. Only internet/telco experienced a decline (-29%).”

“Overall, financial services accounted for the highest total of phishing URLs, followed by cloud, social media, e-commerce/logistics, internet/telco, and government.”


Blog post with links:

Phishing-as-a-Service: As Simple as Uploading a Logo

Researchers at Fortra are tracking “Strox,” one of the most popular phishing operations of the past two years. Users of Strox phishing kits can easily create phishing campaigns by simply submitting a logo for the brand they want to impersonate.

“Currently, twelve phishing kits are sold on Strox for $90 USD each. A purchase of one of these kits includes a unique API key that promises the buyer continued development and updates of the page content and antibot information,” Fortra says.

“Customers are able to view demo phishing pages before buying them for use and may customize which pages are active when an attack is live. In all available kits, phishing content auto translates its language to match the selected language of the victim’s browser. The service claims that over 230 languages are available.”

Strox kits are easy to use and highly automated, allowing users to run multiple phishing campaigns simultaneously.

“All scam kits available from Strox include a real-time admin panel which allows the phisher to control and monitor their active attacks,” the researchers write. “Logging information on the pages provides a live look at the number of people currently looking at phishing content and the actions that are being taken.”

“This functionality is also leveraged in man-in-the-middle style attacks to obtain two-factor authentication codes and bypass additional security checks. When the threat actor is not available to monitor phishing attacks, they may opt to set phishing attacks to a dormant state. This measure may prevent pages from being detected during times when they are unproductive.”

Notably, Strox also offers to set up bulletproof hosting infrastructure for customers’ phishing campaigns for just three dollars per day. Scary.

Blog post with links:



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
