Phishing strategies are among the most widely used strategies used to scam and manipulate the intended user into falling victim to viruses and various crimes. However most of the phishing strategies can be easily detected and bypassed.
At this time a new type of attacks have been detected that uses a new hybrid approach. The detected campaigns use a non-standard approach which some specialists may label as “hybrid”. This label comes from the fact that they use several advanced techniques in order to hide their malicious nature.
The New Phishing Attacks Focus on Affecting As Many Victims as Possible
Phishing campaigns as one of the most popular ways to spread viruses and trick the victims into opening up social engineering pages that will steal sensitive data. The shift in strategy may be related to the workings of a more experienced hacking group, at the time of writing this article there is no information available about the collective. They are probably experienced enough to have created the campaigns.
A combination of both old and new strategies are being used by the hackers. The intended victims will receive email notifications that include a voicemail via the Office 365 system. However instead of leaving the standard notifications that the users will need to open a link or download a file to access it. This time the hackers will insert a transcript of the supposed voicemail which appears to the users as being generated by the Voicemail to Text feature which is part of the collaboration suite. The reason why people may fall for this scam is that this is a relatively new feature that is not assumed to be abused by criminals.
Upon taking a closer look at the body contents of the message the security analysts discovered that a large part of the emails is actually an image file. This is intentional as many gateways and SPAM filters are not able to effectively analyze such messages for threats. The hackers can prevent automated malware scans by implementing legitimate looking MIME types in the layout. Such information is classified as important by the email engines.
The Hybrid Phishing Attacks Allow Hackers to Craft Custom Scams
The hacking groups that utilize these attacks can customize them in any way possible. While the detected versions scam the recipients into thinking that they have received a voicemail message, practically all popular schemes can be used. Some of the options may include the following:
- Personal Messages — The hackers can use leaked data and information about the recipients and trick them into believing that they have received a message from a friend or relative.
- Product Ads — The hackers can impersonate companies and product announcements. Usually they will include links to updates, patches and add-ons. _HERE
- Service Notifications — These email messages can be easily faked as the hackers usually have easy access of the multimedia contents and layout.
During the in-depth analysis of the malware messages it has been found that the phishing end URL are placed in HTML attachments that contain a meta refresh code. This will make it very hard to use blacklists and ordinary SPAM filtering technologies as there is no easy way to read the URL endpoints. This technique can be further enhanced by the addition of URL shorteners.
Due to the way the messages are personalized and customized the security researchers propose that current attacks are focused against business owners and the industry. Some of the example subject lines are the following:
- New email Received on:
: , - New mail on:
: , - New email from: