Google registers a 350% rise in phishing websites, chatbots join scams, and fake OneDrive login is hot.
Phishing continuously evolves as hackers constantly improve their tactics to net more victims. But the COVID-19 pandemic has sparked their imaginations and created a notable surge in phishing creativity. MSSPs need to add these new tactics to their security measures and client employees’ phishing training to keep everyone aware and informed. Here are some of the most notable and newest phishing threats.
Who knows who WHO is? IBM X-Force recently identified a new HawkEye malware variant distributed in emails spoofing the Director-General of the World Health Organization, Dr. Tedros Adhanom Ghebreyesus. That email campaign began on March 19 and continues today, according to the X-Force researchers.
Specifically, the spam email has attachments with Agent Tesla malware, which deploys a keylogger and info stealer. The emails are personalized for each recipient with a username stripped out of the email address. And the emails claim to be from Dr. Tedros Adhanom Ghebreyesus, Director-General of WHO – instead of the organization in general – to gain credibility with recipients, the researchers said.
“Unfortunately, the pandemic entices criminals to increase their social engineering and phishing email scams and target people’s fear with false information. The criminals rely on fear and the appetite for information to lure people to open attachments or click the links to load malware onto their systems,” said James McQuiggan, security awareness advocate at KnowBe4.
Fake OneDrive logins. There’s a new global work-from-home phishing campaign that uses a fake OneDrive login in a credential-stealing scam.
“We are seeing more phishing emails that are trying to trick users into giving their credentials through a faked login page. Threat actors are actively utilizing this pandemic to attempt to compromise individuals’ accounts and organization’s networks,” said Mimecast researchers. “The potential for human error will inevitably increase and we expect to see more of these phishing attempts in the coming days and weeks.”
Customer support chatbots steal personal information. A new phishing scam discovered by MalwareHunterTeam targets Russian victims using a “customer support” chatbot to notify them of a refund for unused internet or cellphone services. The chatbot scheme is likely to expand the victim count to include people in other countries.
“If it’s too good to be true, it probably is — a famous quote, but one that is a recommended warning to be heeded when it comes to online ads, pop-ups or emails. In this case, the attackers are luring the victims with the promise of money and many are unknowingly falling for it,” said McQuiggan.
McQuiggan says the best prevention is to verify the website or the organization providing the opportunity and reply there.
“Checking to see if the company is real or ignoring it completely and closing the window is recommended. There are a lot of ads which are online scams that utilize click bait to entice people to click a link,” said McQuiggan.
“The victim is then prone to give up sensitive information or provide access to their social media accounts, which in turn leads to the criminal hackers gaining access to more information about the victim to leverage against their own contacts, friends and family,” McQuiggan added.
Google registers a 350% increase in phishing websites. According to data and analysis by Atlas VPN, “the number of phishing websites spiked by 350% during the coronavirus pandemic. This led to the number of registered phishing sites to rocket to over half a million in March 2020.”
Highlights of the report on the researchers’ findings include:
“Hackers identified coronavirus as something users are desperate to find information on. Panic leads to irrational thinking and people forget the basics of cybersecurity. Users then download malicious files or try to purchase in-demand items from unsafe websites, in result becoming victims of scams,” said Rachel Welsh, COO of Atlas VPN.
As protective measures against COVID-19 continue for the foreseeable future in nearly every country, more creative phishing tactics will emerge. MSSPs now bear the burden of spotting them quickly and guarding their clients against them.