In late June, Naked Security received a scam email that pretended to originate from WordPress.com. It leveraged this cover to inform the recipient that their website was eligible to receive security upgrades under the Domain Name System Security Extensions (DNSSEC). The message provided a short overview of DNSSEC and how it factored into the growth of the internet over time.
When the recipient clicked on the email’s embedded link, they found themselves redirected to a landing page masqueraded as a “WordPress Update Assistant.” This page prompted the recipient to log into their WordPress account so that they could allegedly receive the new security features on their domain. The page included logos and icons that matched the recipient’s service provider. It also included a “How to use this assistant” button.

Upon receiving their authentication credentials, the scam informed its victim that it would redirect them to the website. Instead, the ruse sent them to a 404 error message and redirected them to a URL that included the malicious actors’ domain name followed by the victim’s domain name.

Other Interesting Attack Lures

This scam email wasn’t the only attack campaign that leveraged interesting lures between March and June. At the end of June 2020, Cofense discovered a phishing scam with attack emails that used the subject line “Fraud Detection from Message Center.” The email accounts compromised belonged to a school district. Those emails warned the recipients that a security team had detected suspicious activity on their bank accounts. In actuality, the attack emails arrived with a .ICS calendar attachment that included a link hosted on Sharepoint. This link ultimately redirected a user to a phishing site hosted on Google designed to steal banking data.

A few days later, Group-IB came across a multi-stage attack campaign that began with a text message. The message claimed the sender was a recognized media outlet. It also contained a shortened link that redirected people to a fake blog post from that same media organization. Those pages used fake celebrity endorsements to trick the target into clicking anywhere on the page. If the user clicked, the page redirected them to a website hosting a bitcoin investment scam.

On July 1, Cybereason came across a FakeSpy campaign. That operation began with an SMS phishing message that appeared to come from a post office located near a target. Those messages contained “delivery updates” which brought users to a website to lure them into downloading a local postal app. That app turned out to be an Android application package for the FakeSpy Android mobile malware.
That same day, Grantham Journal revealed that malicious actors had begun circulating a scam on Facebook. The ploy claimed that a girl had disappeared in downtown Grantham, a town in Lincolnshire, United Kingdom. It urged people to share the post in an attempt to find her. The post attempted to steal users’ Facebook account credentials by redirecting them to a fake login page for the social media site.

How to Defend Against Attacks Using Unusual Lures

These attacks highlight the need for organizations to defend against attack campaigns that use unusual lures. Organizations should invest in a security awareness campaign that seeks to educate the workforce about social engineering techniques. The operation should seek to explore the use of tactics in phishing and other attack operations for the purpose of tricking their victims. Organizations also should develop training modules to teach users about what to avoid, including clicking on embedded links within emails and unsolicited text messages or email attachments from unknown sources. Finally, they should consider using email banners to warn recipients when an incoming message originates from an external source.

Malicious actors are always adding new tactics to their arsenal. Acknowledging these scams and regularly testing employees. will help keep team familiar with emerging attack techniques.

More from

How to Spot a Nefarious Cryptocurrency Platform

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

Are Threat Actors Using ChatGPT to Hack Your Network?

Though the technology has only been widely available for a couple of months, everyone is talking about ChatGPT. If you are one of the few people unfamiliar with ChatGPT, it is an OpenAI language model with the “ability to generate human-like text responses to prompts.” It could be a game-changer wherever AI meshes with human interaction, like chatbots. Some are even using it to build editorial content. But, as with any popular technology, what makes it great can also make…

Why Crowdsourced Security is Devastating to Threat Actors

Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcomed emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one a week. Phishing emails come in waves — right now, I’m getting daily warnings that my AV software license is about to expire. Blocking or filtering has limited success and, as often as not, flags wanted rather than unwanted messages.…

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen. Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper…