Campaign Delivers Over 550 Million Phishing Emails in Q1 of 2018

Security researchers just discovered a new phishing attack that is responsible for the distribution of over 550 million emails since Q1 2018. The campaign was first detected in the beginning of January when it was observed targeting users on a global scale. Countries with high concentrations of impacted email users include the US, UK, France, Germany, and the Netherlands, Vade Secure researchers recently shared.

New Phishing Campaign Targets Bank Accounts

The purpose of the phishing attack is to steal users’ bank account details. Targeted users are lured by offers about coupons or discounts in exchange for taking part in a quiz or online contest. Typically, the phishing emails attempt to fool users by representing popular brands, streaming services and telecom operators, depending on the country of the targeted users. One example is Canada Pharmacy in the United States, and Orange and Carrefour in France. To increase the click-rate of the phishing message, it comes written in the language of the targeted user group.

Phishing pages are typically hosted on pirated websites. In this case, the IP addresses, servers, and domain names appear to be leased and therefore legitimate. Because the infrastructure cost is high, amounting to several tens of thousands of dollars, the attack is likely being undertaken by a serious criminal organization.

On top of that, the attackers deployed tools to shorten URLs and link several hundred URLs together, thus succeeding to hide the ultimate destination address and jam detection tools.

Here’s an example of one of the detected phishing emails:

As visible, the message involves Bitcoin, and this is not surprising at all. In 2017, there were plenty of spam campaigns built on the hottest topic of Bitcoin and altcoins. Cryptocurrencies gained “a foothold in advertising (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: