Upon receiving their authentication credentials, the scam informed its victim that it would redirect them to the website. Instead, the ruse sent them to a 404 error message and redirected them to a URL that included the malicious actors’ domain name followed by the victim’s domain name.
Other Interesting Attack Lures
This scam email wasn’t the only attack campaign that leveraged interesting lures between March and June. At the end of June 2020, Cofense discovered a phishing scam with attack emails that used the subject line “Fraud Detection from Message Center.” The email accounts compromised belonged to a school district. Those emails warned the recipients that a security team had detected suspicious activity on their bank accounts. In actuality, the attack emails arrived with a .ICS calendar attachment that included a link hosted on Sharepoint. This link ultimately redirected a user to a phishing site hosted on Google designed to steal banking data.
A few days later, Group-IB came across a multi-stage attack campaign that began with a text message. The message claimed the sender was a recognized media outlet. It also contained a shortened link that redirected people to a fake blog post from that same media organization. Those pages used fake celebrity endorsements to trick the target into clicking anywhere on the page. If the user clicked, the page redirected them to a website hosting a bitcoin investment scam.
How to Defend Against Attacks Using Unusual Lures
These attacks highlight the need for organizations to defend against attack campaigns that use unusual lures. Organizations should invest in a security awareness campaign that seeks to educate the workforce about social engineering techniques. The operation should seek to explore the use of tactics in phishing and other attack operations for the purpose of tricking their victims. Organizations also should develop training modules to teach users about what to avoid, including clicking on embedded links within emails and unsolicited text messages or email attachments from unknown sources. Finally, they should consider using email banners to warn recipients when an incoming message originates from an external source.
Malicious actors are always adding new tactics to their arsenal. Acknowledging these scams and regularly testing employees. will help keep team familiar with emerging attack techniques.