Catch of the Day: Disney+ Phish
Chef’s Special: PDF Phish
Also serving: Star Blizzard Phish
Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.
You can send phishing samples to me at phish@wyzguys.com.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.
CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard
Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods used by this Russia-based threat actor group to target individuals and organizations. Known Star Blizzard techniques include:
- Impersonating known contacts’ email accounts,
- Creating fake social media profiles,
- Using webmail addresses from providers such as Outlook, Gmail and others, and
- Creating malicious domains that resemble legitimate organizations.
CISA encourages network defenders and critical infrastructure organizations to review the CSA to improve their cybersecurity posture and protect against similar exploitation based on threat actor activity. CISA also urges software manufacturers to incorporate secure-by-design and -default principles into their software development practices, limiting the impact of threat actor activity.
For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals. For more information on secure by design, see CISA’s Secure by Design webpage.
Don’t Be Fooled by This Sneaky Disney+ Phishing Scam
From Knowbe4
A callback phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations.
“The first step in this multi-stage attack is a seemingly auto-generated notification email informing the target of a pending charge for their new Disney+ subscription,” the researchers explain.
“The message states that, per the contract signed during the initial registration process, the recipient will be automatically billed on the same day the notification was sent. The email continues by explaining that if the payment is authorized, no further steps are required. However, if the recipient did not approve this transaction, they can contact the support team.”
The phony invoice contains the recipient’s real name, as well as a phone number for the recipient to call if they want to cancel the subscription.
“Should the recipient call the number, one of two things is likely to happen,” the researchers write. “The first is they will be asked to provide sensitive information, such as banking details or login credentials, that the attacker can then use to either complete fraudulent transactions or compromise accounts.
“The other possibility is they will be given instructions for downloading software they are told is necessary to assist with stopping the charge but will actually infect their computer with malware.” Notably, the email says they’ll be charged $49.99 if they don’t dispute the subscription (a real Disney+ subscription costs $13.00 per month).
“By telling the target they are hours away from being charged for an amount that is 3.5x the highest-cost subscription, the attacker increases the likelihood that the recipient will be quick to call the provided number to stop the transaction,” the researchers write.
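To show how a defender might score an inbound message against the callback-phishing indicators described above (pending-charge wording, a callback phone number, a request to contact support, an inflated amount, and a sender outside the real brand's domains), here is an added example; it is not code from KnowBe4 or Abnormal Security, and the sample messages, the approved-sender domain set and the phone/amount patterns are constructed assumptions.

```python
import re

# Constructed sample messages for illustration (not real phishing samples).
SAMPLES = {
    "callback_phish": {
        "from": "billing-notice@disney-support-center.example",
        "subject": "Your Disney+ subscription: pending charge",
        "body": ("Per the contract signed during registration, you will be billed "
                 "$49.99 today. If you authorized this payment no further steps are "
                 "required. If you did not approve this transaction, contact our "
                 "support team at 1-800-555-0199."),
    },
    "legit_receipt": {
        "from": "no-reply@disneyplus.com",
        "subject": "Your Disney+ receipt",
        "body": "Thanks for your payment of $13.00 for Disney+ this month.",
    },
}

SENDER_ALLOW = {"disneyplus.com", "disney.com"}  # assumption: approved sender domains
REAL_PRICE = 13.00  # monthly price quoted in the article

# Loose North American phone pattern and a dollar-amount pattern (assumptions).
PHONE_RE = re.compile(r"\b(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")
AMOUNT_RE = re.compile(r"\$(\d+(?:\.\d{2})?)")


def score_callback_phish(msg):
    """Return (score, reasons): one point per callback-phishing indicator found."""
    text = f"{msg['subject']} {msg['body']}".lower()
    reasons = []
    domain = msg["from"].rsplit("@", 1)[-1].lower()
    if domain not in SENDER_ALLOW:
        reasons.append(f"sender domain {domain} is not an approved brand domain")
    if PHONE_RE.search(msg["body"]):
        reasons.append("contains a callback phone number")
    if re.search(r"pending charge|will be billed|automatically billed", text):
        reasons.append("pending-charge language")
    if re.search(r"did not approve|cancel|dispute", text):
        reasons.append("urges recipient to contact support to stop a charge")
    amounts = [float(a) for a in AMOUNT_RE.findall(msg["body"])]
    if any(a > REAL_PRICE * 2 for a in amounts):
        reasons.append("amount far exceeds the real subscription price")
    return len(reasons), reasons


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, score_callback_phish(msg))
```

A score of three or more on a brand-impersonating invoice is a reasonable threshold for quarantine or user warning; tune the allow-list and price to the brands your organization actually bills with.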
Blog post with links:
https://blog.knowbe4.com/dont-be-fooled-disney-scam
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com