Friday Phish Fry

Phishing Email Alerts

Catch of the Day: Disney+ Phish
Chef’s Special: PDF Phish
Also serving: Star Blizzard Phish

Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.


CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. The joint CSA aims to raise awareness of the specific tactics, techniques, and delivery methods used by this Russia-based threat actor group to target individuals and organizations. Known Star Blizzard techniques include:

  • Impersonating known contacts’ email accounts,
  • Creating fake social media profiles,
  • Using webmail addresses from providers such as Outlook, Gmail and others, and
  • Creating malicious domains that resemble legitimate organizations.

CISA encourages network defenders and critical infrastructure organizations to review the CSA to improve their cybersecurity posture and protect against similar exploitation based on threat actor activity. CISA also urges software manufacturers to incorporate secure-by-design and -default principles into their software development practices, limiting the impact of threat actor activity.

For more guidance to protect against the most common and impactful threats, visit CISA’s Cross-Sector Cybersecurity Performance Goals. For more information on secure by design, see CISA’s Secure by Design webpage.


Don’t Be Fooled by This Sneaky Disney+ Phishing Scam

From Knowbe4

A callback phishing campaign is impersonating Disney+ with phony invoices, according to researchers at Abnormal Security. The phishing emails targeted individuals at 22 organizations.

“The first step in this multi-stage attack is a seemingly auto-generated notification email informing the target of a pending charge for their new Disney+ subscription,” the researchers explain.

“The message states that, per the contract signed during the initial registration process, the recipient will be automatically billed on the same day the notification was sent. The email continues by explaining that if the payment is authorized, no further steps are required. However, if the recipient did not approve this transaction, they can contact the support team.”

The phony invoice contains the recipient’s real name, as well as a phone number for the recipient to call if they want to cancel the subscription.

“Should the recipient call the number, one of two things is likely to happen,” the researchers write. “The first is they will be asked to provide sensitive information, such as banking details or login credentials, that the attacker can then use to either complete fraudulent transactions or compromise accounts.

“The other possibility is they will be given instructions for downloading software they are told is necessary to assist with stopping the charge but will actually infect their computer with malware.” Notably, the email says they’ll be charged $49.99 if they don’t dispute the subscription (a real Disney+ subscription costs $13.00 per month).

“By telling the target they are hours away from being charged for an amount that is 3.5x the highest-cost subscription, the attacker increases the likelihood that the recipient will be quick to call the provided number to stop the transaction,” the researchers write.

Blog post with links:
https://blog.knowbe4.com/dont-be-fooled-disney-scam


PDFs: Friend or Phishing Foe? Don’t Get Caught by the Latest Scam Tactic

From Knowbe4

Researchers at McAfee warn that attackers are increasingly utilizing PDF attachments in email phishing campaigns.

“Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns,” the researchers write. “These PDFs were delivered as email attachments. Attackers favor using PDFs for phishing due to the file format’s widespread trustworthiness.”

“PDFs, commonly seen as legitimate documents, provide a versatile platform for embedding malicious links, content, or exploits. By leveraging social engineering and exploiting the familiarity users have with PDF attachments, attackers increase the likelihood of successful phishing campaigns. Additionally, PDFs offer a means to bypass email filters that may focus on detecting threats in other file formats.”

Scammers are crafting PDFs that impersonate popular brands in order to deliver malware or trick victims into handing over sensitive information.

“Attackers employ a range of corporate themes in their social engineering tactics to entice victims into clicking on phishing links,” McAfee says. “Notable brands such as Amazon, Apple, Netflix, and PayPal, among others, are often mimicked. The PDFs are carefully crafted to induce a sense of urgency in the victim’s mind, utilizing phrases like ‘your account needs to be updated’ or ‘your ID has expired.’ These tactics aim to manipulate individuals into taking prompt action, contributing to the success of the phishing campaigns.”

The researchers offer the following advice to help users avoid falling for phishing attacks:

  • “Be Skeptical: Exercise caution when receiving unsolicited emails, messages, or social media requests, especially those with urgent or alarming content.”
  • “Verify Sender Identity: Before clicking on any links or providing information, verify the legitimacy of the sender. Check email addresses, domain names, and contact details for any inconsistencies.”
  • “Avoid Clicking on Suspicious Links: Hover over links to preview the actual URL before clicking. Be wary of shortened URLs, and if in doubt, verify the link’s authenticity directly with the sender or through official channels.”
  • “Use Two-Factor Authentication (2FA): Enable 2FA whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your mobile device.”

McAfee has the story.
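The three items above describe the same handful of indicators from the defender's side: sender domains that resemble a brand or come from consumer webmail (the Star Blizzard advisory), an urgent message plus a phone number to call (the Disney+ callback phish), and PDF attachments carrying links (the McAfee report). The triage script below is an added illustration, not code from this post, CISA, KnowBe4, McAfee or Abnormal Security. It parses a raw email with Python's standard library and reports which of those indicators are present. The protected-brand list, webmail list, urgency phrases and the sample message are constructed for the example, and the PDF check only reads uncompressed link objects (a real scanner would also inflate FlateDecode streams).

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical brands to guard against lookalike sender domains.
PROTECTED_DOMAINS = {"disneyplus.com", "amazon.com", "apple.com", "netflix.com", "paypal.com"}
# Consumer webmail providers; the CISA advisory notes Star Blizzard sends from such accounts.
WEBMAIL_PROVIDERS = {"outlook.com", "gmail.com", "hotmail.com", "yahoo.com"}
# Urgency wording of the kind quoted in the McAfee and Abnormal Security write-ups.
URGENCY_PHRASES = (
    "your account needs to be updated",
    "your id has expired",
    "automatically billed",
    "pending charge",
)
# North American style phone number, used to spot callback lures.
PHONE_RE = re.compile(r"(?<!\d)\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}(?!\d)")
# /URI link actions in uncompressed PDF objects only (no stream decompression here).
PDF_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch domains one or two characters off a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the protected brand that this sender domain resembles, or None."""
    for brand in PROTECTED_DOMAINS:
        if domain == brand:
            return None
        label = brand.split(".")[0]
        # Either a near-typo of the brand or the brand name reused as a label
        # (e.g. brand-support.example); both are heuristics, not proof.
        if levenshtein(domain, brand) <= 2 or re.search(rf"(^|[.-]){re.escape(label)}", domain):
            return brand
    return None


def pdf_links(msg: EmailMessage) -> list:
    """URLs embedded as link actions in PDF attachments."""
    links = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            for m in PDF_URI_RE.finditer(part.get_payload(decode=True) or b""):
                links.append(m.group(1).decode("latin-1"))
    return links


def phishing_indicators(raw: bytes) -> list:
    """Return human-readable findings for one raw RFC 5322 message (empty list = nothing seen)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    brand = lookalike_of(domain)
    if brand:
        findings.append(f"sender domain {domain} resembles {brand}")
    if domain in WEBMAIL_PROVIDERS:
        findings.append(f"sender uses consumer webmail {domain}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in text:
            findings.append(f"urgency phrase: {phrase!r}")
    if PHONE_RE.search(text) and any(w in text for w in ("call", "contact")):
        findings.append("callback lure: phone number plus call-to-action")
    for url in pdf_links(msg):
        findings.append(f"PDF attachment links to {url}")
    return findings


def sample_message() -> bytes:
    """Constructed message modelled on the Disney+ callback lure with a PDF 'invoice'; not a real sample."""
    msg = EmailMessage()
    msg["From"] = "Disney+ Billing <billing@disneyplus-support.com>"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Pending charge for your subscription"
    msg.set_content(
        "A pending charge of $49.99 will be automatically billed today.\n"
        "If you did not approve this transaction, call support at (555) 010-0199."
    )
    # Minimal PDF skeleton with one link annotation (constructed, not a renderable file).
    pdf = (b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link "
           b"/A << /S /URI /URI (https://invoice.example/cancel) >> >> endobj\n%%EOF\n")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in phishing_indicators(sample_message()):
        print(line)
```

Run it as-is to see the findings for the constructed sample, or call `phishing_indicators()` on the bytes of a quarantined `.eml` file. Each finding is a weak signal on its own; the value is in seeing several together, which is exactly the pattern the three reports above describe.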



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
