WyzGuys Tech Talk

Phishing Email Alerts

Catch of the Day: Nespresso Phish
Chef’s Special: AI Phish

Examples of clever phish that made it past my anti-spam nets and into my inbox. Some are contributed by clients or readers like you, and other reliable sources on the Internet.

You can send phishing samples to me at phish@wyzguys.com.

My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.

[Wake Up Call] A Fresh Nespresso Domain Hijack Brews an MFA Phishing Scheme

Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception Point.

Open-redirect vulnerabilities enable attackers to send users to phishing sites via seemingly benign links. In this case, the attackers are sending emails that appear to be multi-factor authentication requests from Microsoft.

“This attack starts with an email,” the researchers explain. “Albeit in this instance a very strange email that at first glance appears to be a multi-factor authentication request from Microsoft. The email sender is unaffiliated with Microsoft.

“At the bottom of the message it seems that the email has been forwarded twice. This creates a rather muddled message that the attacker likely fabricated entirely. Perhaps the intent of the ‘forwarding’ was to provide an explanation as to why the email doesn’t originate from Microsoft. Regardless of the convoluted details, the overall message is clear.”

If the user clicks the link, they’ll be sent to a phony Microsoft login page designed to steal their credentials.

“The email urges the recipient to check their recent login activity,” the researchers write. “Upon clicking the link, the user is first directed to the infected Nespresso URL, followed by a redirection to an .html file. The goal of using the Nespresso open redirect vulnerability is to evade security measures.

“Attackers know that some security vendors only inspect the initial link, not digging further to discover any hidden or embedded links. With this knowledge, it makes sense that the attacker would host the redirect on Nespresso, as the legitimate domain would likely be sufficient to bypass many security vendors, detecting only the reputable URL and not the subsequent malicious ones.”

Blog post with links:
https://blog.knowbe4.com/phishing-campaign-exploits-nespresso-domain

AI-Assisted Phishing Attacks Are on the Rise

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler.

“AI represents a paradigm shift in the realm of cybercrime, particularly for phishing scams,” the researchers write. “With the aid of generative AI, cybercriminals can rapidly construct highly convincing phishing campaigns that surpass previous benchmarks of complexity and effectiveness.

“By leveraging AI algorithms, threat actors can swiftly analyze vast datasets to tailor their attacks and easily replicate legitimate communications and websites with alarming precision. This level of sophistication allows phishers to deceive even the most aware users. The potential of AI in reshaping the cyberthreat landscape appears boundless as it continues to redefine what is possible in the world of cyberattacks.”

The report also found that the finance and insurance industry saw a 393% year-over-year increase in phishing attacks in 2023. Nearly 28% of all phishing attacks last year targeted this sector.

“This industry is an attractive target for threat actors aiming to engage in identity theft or financial fraud,” the researchers write. “The increasing reliance on digital financial platforms provides ample opportunities for threat actors to carry out phishing campaigns and exploit vulnerabilities in this sector.”

Additionally, Zscaler observed an increase in phishing kits designed to bypass multi-factor authentication.

“Over the past year, a concerning trend has emerged where adversaries successfully circumvent enterprise multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) proxy-based phishing attacks,” the report says.

“In the coming year, we expect phishing kits to increasingly include sophisticated AiTM techniques, localized phishing content, and target fingerprinting — of course enabled by AI. These advancements will allow attackers to conduct high-volume phishing campaigns aimed at evading MFA protections at enterprise scale.”

Blog post with links:
https://blog.knowbe4.com/ai-assisted-phishing-attacks-rise