Security researchers just discovered a new phishing attack that is responsible for the distribution of over 550 million emails since Q1 2018. The campaign was first detected in the beginning of January when it was observed targeting users on a global scale. Countries with high concentrations of impacted email users include the US, UK, France, Germany, and the Netherlands, Vade Secure researchers recently shared.
New Phishing Campaign Targets Bank Accounts
The purpose of the phishing attack is to steal users’ bank account details. Targeted users are lured by offers about coupons or discounts in exchange for taking part in a quiz or online contest. Typically, the phishing emails attempt to fool users by representing popular brands, streaming services and telecom operators, depending on the country of the targeted users. One example is Canada Pharmacy in the United States, and Orange and Carrefour in France. To increase the click-rate of the phishing message, it comes written in the language of the targeted user group.
Phishing pages are typically hosted on pirated websites. In this case, the IP addresses, servers, and domain names appear to be leased and therefore legitimate. Because the infrastructure cost is high, amounting to several tens of thousands of dollars, the attack is likely being undertaken by a serious criminal organization.
On top of that, the attackers deployed tools to shorten URLs and link several hundred URLs together, thus succeeding to hide the ultimate destination address and jam detection tools.
Here’s an example of one of the detected phishing emails:
As visible, the message involves Bitcoin, and this is not surprising at all. In 2017, there were plenty of spam campaigns built on the hottest topic of Bitcoin and altcoins. Cryptocurrencies gained “a foothold in advertising spam and fraudulent mailings” throughout 2017. The all-so-typical spam campaigns themed with “earn from home” promises, financial pyramids, fake lottery wins, etc., are now replaced with the theme of crypto, and the trends will definitely continue to evolve throughout 2018.
These techniques are quite sophisticated and were not easy to detect by many email security solutions, the research found. Gartner experts have already come to the conclusion that advanced threats are easily circumventing the signature-based and reputation-based prevention mechanisms that a secure email gateway traditionally deploys.
How to Stay Protected Against Phishing Scams: Useful Tips
In some cases, all that is required to rid of some phishing scams is simple to ignore the message, never respond to it and delete it. Other scams, however, require further action, such as thoroughly scanning your computer with security software to determine whether you have some malware component that is pushing spoofed messages to your computer, browser or email address.
In case you believe your computer is endangered because you have interacted with some form of a phishing email, it’s strongly recommended to scan it with security software.
SpyHunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter