As a large portion of the workforce conducts business from home to escape the pandemic, scammers have ramped up their scams to scare victims into falling for credential harvesting schemes.
Two new reports reveal new twists on the old approaches digital scammers use to trick you into inadvertently giving up your login credentials for personal or corporate online banking and server portals. Both reports focus on how to avoid becoming a business or consumer victim.
Armorblox detailed a new campaign that threatens to deactivate email accounts unless potential victims immediately update and verify their account information. This leads fearful recipients to enter their legitimate email addresses and passwords.
Another report, from phishing protection company INKY, reveals clever twists in credential phishing messages. These emails impersonate the U.S. Department of Justice, pairing real logos with a malicious link to a page that mimics government websites.
A phishing email scam that appears to be from the U.S. Department of Justice.
Credential harvesting is largely considered the foundation of phishing email. It is the easiest way for anyone to access your protected files. They just use the password you gave them, explained Dave Baggett, CEO and founder of INKY.
“Overall, in the phishing campaign, we’ve seen scam messages nearly triple since the pandemic began,” Baggett told TechNewsWorld.
Banking phishing
Armorblox, a cloud office security platform that protects incoming and outgoing corporate communications, last week released its latest discovery of a new credential phishing campaign. The report explains how the cybercriminals use an email whose malicious link leads to a fake website. The landing page closely resembles the Bank of America login page.
This credential phishing site is designed to look like the Bank of America home page. Note that the URL in the browser's address bar does not begin with the bank's domain. However, the bank's name is used elsewhere in the URL to trick visitors into trusting the page.
Armorblox co-founder and architect Chetan Anand wrote about the latest credential harvesting campaign on the company’s blog.
“Adversaries are mixing and matching existing phishing tricks and adding some new ones to circumvent all the measures organizations put in place to increase security,” Anand told TechNewsWorld.
His report describes some examples of security measures and explains how the attack bypasses them. The recently discovered attack asked for Bank of America credentials in order to bypass any existing single sign-on (SSO) or two-factor authentication (2FA) measures.
In this case, the attackers also asked targets for the answers to their security challenge questions, both to increase the apparent legitimacy of the attack and to obtain even more personal information. He explained that to pass email authentication checks, the attackers sent the email from a reputable domain and registered a zero-day domain for the phishing site to avoid detection by threat feeds.
This new wave of credential harvesting attacks is becoming more common today, Anand noted. This type of attack targets organizations of all sizes, but especially small and medium-sized businesses, which may not yet have all of their security processes in place.
“If an attacker gains access to an SMB employee’s email credentials, that email account is then used to launch attacks both within the SMB and against customers, partners, and vendors,” Anand said.
Keep-it-simple-stupid works
According to a report by Baggett on the INKY blog, unlike most other criminals, cybercriminals who commit credential harvesting scams live a relatively stress-free life of crime. Their biggest concern is whether or not you type in your password.
A modern-day credential harvesting phishing attack is easy to pull off. It has six simple steps, he explained.
They are easy to perform and even easier to fall victim to. This is the process:
1. The hacker sends a phishing message.
2. You are encouraged to click on the link and complete a task.
3. The link takes you to a phony website.
4. You are tricked into entering your email address and password.
5. The hacker retrieves your password from the server.
6. The hacker uses your stolen credentials.
Remember, how quickly you click that link is what the cybercriminal counts on.
"The basic problem is that tactical phishers now use generalization very well. For example, deceptive text tricks can be diverse," Baggett explained.
Why it works
Sophisticated attackers know that secure email gateways (SEGs) and other filters look for patterns that indicate known scams, according to Baggett. An intelligent attacker knows this, so they hide the telltale text from the SEG in a way that doesn’t look odd to the user.
For example, a SEG may have a rule that looks for the text "Office 365 Voicemail" because email messages containing this text have been reported as phishing. One deceptive text tactic is to replace letters in the spoofed text with other Unicode characters that look similar.
Security experts call these “confusables” because people confuse them easily. For example, an attacker could replace the letter O with any of a range of Unicode characters that look alike.
Any of these characters that show up as blank boxes on your screen are simply missing from your font software. While few of them look exactly like the normal letter O, they can be confused with it quite easily. The recipient might think that the font is a bit funny or that there is dirt on the screen, Baggett noted.
To detect this tactic, a SEG needs to look not only for "Office 365 Voicemail" but for every variation an attacker can create with Unicode substitutions. That’s an incredibly large number, far too many to simply list in code, and there are many other similar common tricks attackers can use as well, Baggett explained.
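Rather than enumerating every look-alike spelling of "Office 365 Voicemail", a filter can reduce both the rule and the subject line to a common "skeleton" before comparing them. The following is an added example (not INKY's or Armorblox's code): it uses Unicode compatibility decomposition to fold fullwidth letters, ligatures and accents, drops zero-width and combining characters, maps a small, constructed table of Cyrillic and Greek look-alikes back to ASCII, and also flags subjects that mix scripts, which is a useful detection signal on its own.

```python
import unicodedata

# Constructed look-alike table (hypothetical, not a vendor's confusables list):
# Cyrillic and Greek letters that render almost identically to Latin ones.
# Fullwidth forms, ligatures and accented letters need no entry here because
# NFKD decomposition already folds them to their base ASCII letter.
CONFUSABLES = {
    "\u041e": "O",  # CYRILLIC CAPITAL LETTER O
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0501": "d",  # CYRILLIC SMALL LETTER KOMI DE
}


def skeleton(text: str) -> str:
    """Collapse visually similar spellings to one comparable form."""
    out = []
    for ch in unicodedata.normalize("NFKD", text):
        cat = unicodedata.category(ch)
        # Drop combining marks (accents) and format chars (zero-width space etc.)
        if cat.startswith("M") or cat == "Cf":
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out).casefold()


def matches_rule(subject: str, rule: str = "Office 365 Voicemail") -> bool:
    """SEG-style rule check that survives homoglyph substitution."""
    return skeleton(rule) in skeleton(subject)


def mixed_script(text: str) -> bool:
    """True if letters from more than one of Latin/Cyrillic/Greek appear."""
    scripts = {unicodedata.name(ch, "").split(" ")[0] for ch in text if ch.isalpha()}
    return len(scripts & {"LATIN", "CYRILLIC", "GREEK"}) > 1


if __name__ == "__main__":
    # Constructed sample subject lines: Cyrillic O/i/o plus a zero-width space.
    spoofed = "\u041eff\u0456ce 365 V\u043e\u200bicemail"
    print(matches_rule(spoofed), mixed_script(spoofed))  # True True
    print(matches_rule("Q3 invoice attached"))           # False
```

The plain rule string never matches the spoofed subject byte-for-byte, but both reduce to the same skeleton, and the mixed-script check fires independently of any rule.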
Versatile call to action
Bad actors entice users to respond by notifying them of a new document, voicemail, fax, or invoice. Another approach is the help desk scam that tells users they need to verify or update their account, or else the account will be disabled.
“In the coronavirus pandemic, we have begun to see more occurrences of governments providing health tips, grant funds, or the ability to follow new cases in their area,” Baggett said.
According to Anand, there is no panacea that lets consumers and business IT departments catch or prevent every one of these phishing scams. So organizations need to balance different security measures and process changes to improve their response to phishing attacks.
Native and third-party security controls, employee awareness, implementation of practices such as SSO and 2FA, and rapid automated incident response all play a part in countering the proliferation of credential harvesting attacks.
“In this Bank of America attack, the biggest red flag is the ‘context red flag’ that arises when you think about the email, i.e. Bank of America doesn’t send unsolicited email to your work address. But busy employees often don’t have the time or luxury to think about every email in their inbox and end up following the email’s call to action,” Anand said.
What else to do
Baggett recommends that consumers and business IT departments do two things to stop these harvesting scams from working. First, put sophisticated software-based email protection in place so that machines block most of these scams before delivery and users never interact with them.
Second, train users to be suspicious of email in general. While people cannot reliably distinguish fake emails from real ones, phishing awareness training is still a good idea, because it teaches users not to trust their eyes when it comes to email. Above all, always verify sensitive emails through a separate communication channel.
“In other words, teach users to pick up the phone, send a Slack message, etc., to check that the mail they are looking at really is from where it seems to be coming from,” Baggett said.
INKY, for example, supports this preventive measure by placing yellow warning bars on emails with sensitive content, such as password reset requests and similar sensitive requests. The software "sees" the mail the way a human recipient does.
This allows INKY to match the text of an email "fuzzily," or approximately, based on visual appearance. For example, it recognizes the general shape of letters rather than the specific characters used.
Human brain responses
Anand favors email recipients using some basic analysis to prevent credential harvesting scams. He agrees that busy employees can’t examine every email with the slower, rational part of their brains. But they can learn to pay attention to identity, behavior, and language signals in the emails they read.
For example, under identity, users should confirm that the email actually comes from the person or organization it claims to come from, including the domain name, sender name, and so on. Under behavior, users should ask whether the email is consistent with the sender's past behavior. Ask yourself whether Bank of America usually sends emails to your work address. Under language, users should be wary of any email that tries to trigger urgency, fear, or deference to authority.
"It is unreasonable to place all this responsibility on end users. Organizations should seek to invest in original and third-party email security controls that analyze these signals and more," suggested Anand.