The Latest in Phishing: December 2017

We bring you the latest in phishing statistics and attacks from the wild.

Phishing Statistics and News:

• Mimecast’s latest Email Security Risk Assessment (ESRA) report has identified “impersonation phishing attacks” — which Mimecast defines as “fairly simple emails which impersonate the C-suite and ask for wire-transfers or credibly request that other sensitive data be sent to the fraudster” — as the fastest-growing cybersecurity threat. This conclusion cements end users as being the key component to any sound security program. Coverage by TechRepublic states, “Why try to exploit a secure system when you can just trick someone into giving you what you want?”
• Researchers at Google and UC Berkeley examined data from 25,000 malicious tools used in phishing and keylogging attacks to explore how cybercriminals breach online accounts. They found that phishing attacks outrank data breaches as posing the most risk to end users due to the sensitivity of information being targeted. According to CSO, the study took place over a year and focused on Google as the case study, ultimately helping to “secure some 67 million Google accounts before they could be abused.”
• The latest Anti-Phishing Working Group (APWG) report supports the need for strategic phishing awareness training. It explores phishing activity trends in the first half of 2017 to reveal the volume of phishing attacks has increased, and scammers are targeting more brands compared to 2016. You can read a full recap of the report on our blog.
• A study by UK’s Get Safe Online organization has identified millennials as being more than twice as likely to fall for phishing attacks compared to those from older generations, revealing that “More than one in ten youngsters aged 18-24 said they had fallen for a phishing attack, compared to 1 in 20 individuals aged 55+. The study also revealed that 27% of millennials believe they are “too smart to fall for scams” and that only 40% said they “carefully read and re-read” emails they receive. According to coverage from Bleeping Computer, this latest study reflects findings from earlier reports that indicated “baby boomers and the older generations are often more in tune with modern cybersecurity practices when compared to millennials.”   

Increase your security response team's efficiency with PhishAlarm Analyzer

Phishing Attacks:

• Private schools in the UK with subpar security infrastructures are being targeted by cybercriminals whose objective is to steal parents’ info and hit them with phishing emails containing fake invoices and other trickery. An SC Magazine article interviewed NuData Security vice president Ryan Wilk on the matter, stating “This kind of thought-out, organized and targeted cyber-crime is the perfect example of how cyber-crime has developed from opportunistic to highly organized in recent years.” The article warns parents to remain “extra vigilant” and be careful before making payments to the schools.
• As the new year approaches, the IRS is gearing up for another season of fraudulent tax returns. Suspicious emails requesting W-2 or other tax-related information should be forwarded to phishing@irs.gov. The National Law Review has compiled some tips for avoiding W-2 phishing scams, which are a common type of business email compromise (BEC) attack. Use our infographic to raise awareness among your end users and help protect your organization from BEC.
• While the price of Bitcoin continues to rise, scammers are eyeing Bitcoin wallets more aggressively than they have in years past. Bleeping Computer has profiled a few services and security researchers that track phishing pages, identifying Blockchain and LocalBitcoins as two targets, with many more likely.
• Ukrainian scammers targeting Canadian banks have shifted their focus to SMBs in the country with a clever spear phishing scheme. The attackers pose as the security or customer service department of the victim’s bank in an attempt to take control of an account and transfer money into their control. An article from IT World Canada details the scam, stating, “The email says victims need to re-synchronize their security token devices used for multifactor authentication, warning that their existing device for payment processing can’t be used until it is synched again.” According to IBM researchers on the case, this is a fairly common and successful tactic used in attacks.
• Healthcare IT News reports banking Trojans that have primarily targeted the finance industry are now reaching healthcare by way of attacks that reply to an organization’s stored emails, sending fake emails with malicious attachments. Research from security firm Barkly claims these types of attacks are hard to detect, and suggests trying to block them before they can penetrate an organization.
• A sophisticated phishing and social engineering scheme is targeting organizations’ financial departments in an attempt to steal credentials. Emails that contain “updated invoices” appear to come from someone the recipient knows, but once clicked, a Word attachment downloads malicious software onto the victim’s system. ZDNet’s coverage of the attack details research from Barracuda Networks.
• A new phishing campaign takes a three-pronged approach to stealing banking information. The scam employs Marcher malware, credit card data theft, and credential phishing, and was discovered by Proofpoint researchers in early November. First, a bit.ly link is sent to the potential victim; when clicked, the link resolves to a fake Bank Austria login page. Users are then asked to enter their email address and phone number; then, a message is sent instructing the subject to download the new Bank Austria app. A ZDNet article detailing the scheme states, “The fake app requires extensive permissions including writing and reading external storage, access to precise location, complete control over SMS messages, the ability to read contact data, the ability to read and write system settings, the ability to lock the device and more.” This malicious software allows the theft of credit card information and other credentials. It is believed that close to 20,000 people have already fallen for the attack.
• Phishing scams involving Netflix aren’t anything new, but a recent one making the rounds has reached close to 110 million subscribers with a phony account suspension notification. The email utilizes a personalized subject line and claims that the recipient’s billing info needs to be updated, ultimately requesting credit card and bank info via a fake landing page. It is unknown how many people actually fell for the attack.
• Security researcher Wesley Neelen discovered a phishing attack aimed at users of the less common cryptocurrency known as Ethereum after receiving the phishing email himself. Scammers posing as Myetherwallet, the site used to manage Etherum wallets, sent emails requesting users sign into their accounts and sync their wallets in order to avoid disruption of service or loss of currency. Users who clicked the link were routed to a phishing site that utilized Unicode characters in the domain, which can easily deceive an unobservant eye. More than $15,000 in Ethereum coins was stolen in approximately two hours.