Archive for Avanan

Hackers Take Over Legitimate Accounts in Latest Phishing Scheme to Reroute Direct Deposit Payments

Posted in Commentary with tags on June 22, 2023 by itnerd

Researchers at Avanan, a Check Point Company, have released their latest blog discussing how hackers are rerouting finances into different accounts. In this attack, hackers are taking over legitimate email accounts and sending out emails to the finance department or HR requesting to change banking information on payroll to the account of the hacker’s choice.

You can read the blog post here.

Hackers Utilize Legitimate PDF Editing Tool in Latest BEC Attack for Financial Gain

Posted in Commentary with tags on June 15, 2023 by itnerd

Today, researchers at Avanan, a Check Point Company, published their latest blog post discussing how hackers are sending messages directly from Soda PDF, a popular PDF editing tool commonly seen in BEC 3.0 attacks. The emails encourage users to call a phone number, where the hackers will attempt to steal money.

In this attack, an email is sent directly via Soda PDF as an invoice, and contains a download link that goes directly to Soda PDF. In hopes of extracting finances, hackers provided a number for the end-users to call if they believed there had been an error. Calling the number not only leads victims to provide credit card information, but also saves the telephone number for future scams. 

You can find the blog post here: https://www.avanan.com/blog/using-legitimate-pdfs-for-bec-3.0-attacks?hs_preview=ZFbmDiTP-119400800417

Latest Phishing Attack Spoofs a German Broadband and Media Conference to Steal Personal Credentials

Posted in Commentary with tags on June 8, 2023 by itnerd

Researchers at Avanan, a Check Point Software company, have put out a report where they discuss how hackers are sending spoofed emails and creating spoofed webpages to make it appear as if they come from Anga Com, a popular conference based in Germany for broadband and media distributors attracting over 22,000 participants from 470 companies from across the world.

In this attack, users get an email that appears to come from Anga Com, notifying them that visitors expressed interest in their exhibit during the conference. The email continues by encouraging end-users to click on the link and sign into the portal, where they are able to interact with the person who initially expressed their interest. The entire ploy was created to ultimately steal user credentials.

You can read the report here.

New Picture-in-Picture Phishing Attack Conceals Malicious Links Behind Images in Fake Delta/Kohls Emails

Posted in Commentary with tags on June 1, 2023 by itnerd

Avanan, a Check Point Software Company, has released a new report detailing a novel phishing technique that uses obfuscation to manipulate users into visiting phishing sites by concealing malicious links within images, a tactic known as the Picture-in-Picture (PiP) attack.

The first example is a seemingly ordinary email from Kohl’s to a user who has been chosen to participate in their free Loyalty Program. The second example is a message from Delta congratulating the user on winning a gift card.

Like most marketing emails, which contain a nice-looking promotional image with a link that goes to the intended page, these phishing emails place a picture, even a legitimate brand picture, in front of a URL that leads to a page.

Hackers prompt users to click on the legit brand image, behind which are the URLs in the emails, to claim their offer. Upon further analysis, both messages are fraudulent, and the URL has nothing to do with either Kohl’s or Delta. The links are similar: clicking one redirects the user to a credential harvesting page built to steal their information.
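One way a defender could check a message body for the pattern described above, as an added example that is not from Avanan's report or this blog: it lists links whose only visible content is an image and whose target lies outside the domains of the brand the email claims to be. The sample HTML, the `.example` domains and the function names are constructed for illustration, and the caller is assumed to supply the brand's domain list.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ImageLinkParser(HTMLParser):
    """Collect the href of every <a> whose only visible content is an <img>."""
    def __init__(self):
        super().__init__()
        self.image_links = []
        self._href, self._has_img, self._text = None, False, ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._has_img, self._text = dict(attrs).get("href"), False, ""
        elif tag == "img" and self._href is not None:
            self._has_img = True

    def handle_data(self, data):
        if self._href is not None:
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            if self._has_img and not self._text.strip():
                self.image_links.append(self._href)
            self._href = None

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def off_brand_image_links(html_body, brand_domains):
    """Return image-only link targets whose host is outside the claimed brand's domains."""
    parser = ImageLinkParser()
    parser.feed(html_body)
    parser.close()
    flagged = []
    for href in parser.image_links:
        url = urlparse(href)
        if url.scheme in ("http", "https") and registrable(url.hostname or "") not in brand_domains:
            flagged.append(href)
    return flagged

# Constructed sample body; brand.example stands in for the impersonated brand.
SAMPLE_HTML = """
<p>You have been chosen for our Loyalty Program.</p>
<a href="https://offers.unrelated-site.example/claim"><img src="https://cdn.brand.example/promo.png" alt="Claim your reward"></a>
<a href="https://www.brand.example/privacy">Privacy policy</a>
<a href="https://www.brand.example/shop"><img src="https://cdn.brand.example/logo.png"/></a>
"""

if __name__ == "__main__":
    print(off_brand_image_links(SAMPLE_HTML, {"brand.example"}))
```

A hit is a triage signal rather than a verdict, since legitimate marketing mail often routes image links through third-party tracking domains.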

You can read the report here.

New BEC 3.0 Variant Uses Dropbox in Phishing Attack Exploiting Resume PDF and Malicious OneDrive File

Posted in Commentary with tags on May 18, 2023 by itnerd

Avanan, a Check Point Software Company, has released a report unveiling a new BEC 3.0 attack that leverages reputable services like Dropbox to distribute phishing content and exploit unsuspecting victims. The hackers initiate the attack by sharing a Dropbox link to a resume PDF. When recipients click on the link, they are directed to a page hosted on Dropbox. This initial communication, appearing to come from Dropbox, may seem harmless due to the platform’s credibility.

However, the hackers are using the site with malicious intent. Once users click on the link and enter Dropbox, they are presented with a page where they must input their email account and password to view the document. At this stage, the hackers obtain users’ email addresses and passwords, even if the users choose not to proceed further.

After submitting their credentials, users are redirected to another site that hosts a malicious URL. Although the URL originates from a legitimate source, the content displayed on the page raises concerns. Users encounter a webpage that mimics OneDrive, and if they click on the provided link, a malicious file is downloaded.

You can read more about this BEC 3.0 attack here.

New Era of BEC 3.0 Phishing Attacks: Creating Malicious Content Hidden and Hosted on Squarespace

Posted in Commentary with tags on May 11, 2023 by itnerd

In the realm of Business Email Compromise (BEC) attacks, cybercriminals are finding new ways to utilize popular, trusted platforms to launch their malicious activities, and the use of legitimate services to propagate attacks is the new norm. Today, Avanan, a Check Point Software Company, has released an attack brief that brings to light a new wave of BEC attacks.

The report elucidates how hackers are creating malicious landing pages in Squarespace, a reputable website building and hosting company, to bypass security checks like VirusTotal.

The emails associated with these attacks are seemingly innocuous, originating from legitimate domains and containing no alarming text. However, the actions that follow the email click-through are malicious. This highlights the importance of good browser security in complementing email security, as the malicious payload is often nested a few layers past the email.

In light of this new BEC variant, it’s essential for security professionals to implement security measures that scrutinize all URLs and emulate the pages behind them, along with educating users on these new threats.

The detailed attack brief is available at: https://www.avanan.com/blog/bec-3.0-creating-malicious-content-hosted-on-squarespace.

Hackers Exploit PayPal’s Email Functionality To Steal Donations

Posted in Commentary with tags on May 4, 2023 by itnerd

PayPal provides a convenient way for people to send legitimate messages such as invoices and billing reminders. However, its ease of use has caught the attention of hackers, who are now exploiting the platform to send phishing emails that solicit fake donations.

Avanan, a Check Point Software Company, has released an attack brief detailing how hackers are targeting end-users with a fake firefighter fundraising scam. Avanan’s cybersecurity researchers have analyzed the techniques used by these cybercriminals to deceive their victims.

In this scam, hackers create seemingly legitimate PayPal invoices that solicit donations for a fictional firefighter organization. They send these phishing emails directly from PayPal, making the messages appear genuine and more likely to pass security checks. However, careful examination reveals inconsistencies, such as the use of a non-existent organization or a phone number unassociated with a legitimate business.

You can read the attack brief here.

Linktree Phishing Attack: Hackers Steal Credentials via Popular Social Media Tool While Spoofing Microsoft 

Posted in Commentary with tags on April 20, 2023 by itnerd

Linktree has become a popular tool for creating bio pages on social media platforms like Instagram and TikTok, allowing users to share their information and social media handles easily. Unfortunately, its ease of use and popularity have caught the attention of hackers, who now use it as a medium for phishing attacks.

Avanan, a Check Point Software Company, has disclosed how hackers exploit Linktree to steal user credentials. Avanan’s cybersecurity researchers have prepared an attack brief that discusses the techniques employed by these cybercriminals to deceive their victims.

In this attack, hackers create legitimate Linktree pages hosting malicious URLs to harvest credentials. They send phishing emails with spoofed Microsoft OneDrive or SharePoint notifications, tricking users into clicking the malicious links. The victims are then redirected to a fake Office 365 login page where their credentials are stolen.

You can read about this attack here.

New Zelle Phishing Attack Has Hackers Spoofing Popular Money Transfer Site: Avanan

Posted in Commentary with tags on April 13, 2023 by itnerd

Zelle has become a top-rated money-transfer service, making it easy for users to instantly send money to friends or businesses. Unfortunately, its popularity has also attracted the attention of hackers who are now spoofing Zelle to steal money from unsuspecting end-users. 

Avanan, a Check Point Software Company, has revealed how hackers spoofed Zelle to obtain money from their victims. Avanan’s cybersecurity researchers have prepared an attack brief discussing the tactics used by these hackers to deceive their victims.

In this attack, hackers send out well-crafted spoofed Zelle emails to trick users into sending money directly to them. Using social engineering and brand impersonation techniques, cybercriminals convincingly mimic Zelle’s email communications, luring users to click on a malicious link.

You can read the report here.

New QuickBooks Double Spear Email Phishing Attack Detected During Peak Tax Scam Season

Posted in Commentary with tags on April 6, 2023 by itnerd

The new wave of phishing that researchers at Avanan, a Check Point Software Company, recently talked about is BEC 3.0. Hackers can sign up for a free account somewhere, send out an invoice or other communication, and embed the malicious activity within that. Avanan has covered this ability in PayPal, Google, and more.

Last year, they wrote about how hackers can do something similar in QuickBooks. Now, they’re back at it. In this attack brief, hackers create free accounts in QuickBooks to steal money and information from end-users by sending fake invoices from a legitimate domain.

You can read the attack brief here.