Archive for INKY

Silicon Valley Bank Phishing Scams Are In High Gear Says INKY

Posted in Commentary with tags on March 16, 2023 by itnerd

INKY has published an article detailing how cybercriminals are using the Silicon Valley Bank collapse in a credential harvesting phishing scheme, which is something I’ve been predicting for a few days now.

This report details how the phisher is using fake DocuSign email notifications requiring the unsuspecting customer to sign important documents.

You can read the report here.

INKY Shows How Ring Is Being Used In A Phishing Scam

Posted in Commentary with tags on March 8, 2023 by itnerd

INKY has published a new Fresh Phish article. In it, INKY uncovers how phishers posing as home security giant Ring created a phishing campaign designed to steal credit card information and social security numbers from unwitting customers.

This article details how the phisher used an HTML attachment that created a fake Ring website on the user’s local machine.

You can read the article here.

INKY Reveals A New Clever Image Based Phishing Scam

Posted in Commentary with tags on November 16, 2022 by itnerd

INKY has published a new Fresh Phish, in which INKY’s cybersecurity research analysts report that they’ve detected what might be a new email phishing trend.

This report outlines how hackers have been caught using a clever ‘image-based phishing scam’ that has been able to circumvent most email security systems.

You can read the full report here.

New Social Security Administration Phishing Scam Targets U.S. Citizens with SSN Suspension Threats: Inky

Posted in Commentary with tags on October 19, 2022 by itnerd

INKY detected an influx of phishing emails purporting to come from the U.S. Social Security Administration (SSA). While the email display address reads “Social_Security_Administration,” further inspection reveals the sender’s true origin to be a random Gmail address.

INKY has published a report analyzing the Gmail senders’ origin, the phone number in the PDF attachment payload, the brand impersonation and voice phishing (vishing) techniques, and the subject lines, which include case and docket numbers to make the phishing threat seem more official.

This attack is the second government agency phishing campaign out of three that INKY will publish over the next two weeks. Last week, INKY published the first of this series, which you can find here: Small Business COVID-19 Grants Designed for Disaster

You can see the latest report that INKY has published here.

New Attack Targets Entrepreneurs Using Google Forms To Exploit Government Agency SBA Covid Loans In Email Phishing Campaign

Posted in Commentary with tags on October 12, 2022 by itnerd

As the medical threats of the pandemic wane, cybersecurity threats remain on solid footing. INKY has revealed the latest phishing attack that its cybersecurity researchers have discovered in which government loans and grants for small businesses are being used as bait by cyber criminals in a sophisticated credential harvesting and brand impersonation scheme that uses Google Forms.

The new research gives an overview of the attack campaign and its flow, covering the origin of the hijacked accounts, the abused Google Forms payload, the brand impersonation and free cloud resource abuse techniques, and the targeted attacks against entrepreneurs.

You can read the full report from INKY here.

Researchers Discover Netflix Spoof As Bad Actors Target Streaming Service Viewers to Steal PII: INKY

Posted in Commentary with tags on September 21, 2022 by itnerd

INKY has released the latest report in its phishing attack series, “Fresh Phish: Netflix Bad Actors Go Behind the Scenes to Stage a Credential Harvesting Heist.” The research reveals that INKY’s researchers have detected Netflix impersonated in a PII data harvesting campaign using malicious HTML attachments compressed in zip files to exploit end-users of the streaming service.

Bukar Alibe, a cybersecurity analyst at INKY, explores answers to the following questions in the new research:

  • How can just one click unzip a disastrous credential harvesting scheme?
  • Why does this phishing threat evade most email security services?
  • What techniques gave hackers a strategic advantage to trick victims?

You can read the report here, and I would suggest that you set aside some time to have a look at it, as I got an advance copy of it over the weekend and it makes for some interesting reading.

Hackers Abuse QuickBooks to Send Phone Scam Emails: INKY

Posted in Commentary with tags on July 13, 2022 by itnerd

INKY researchers have disclosed the firm’s findings on the latest variant of the tried-and-true phone scam, a low-tech approach in which hackers extract personal information by sending out spoofed emails from what appears to be a legitimate source, with no suspicious links or malware attachments, just a pitch and a phone number.

This time around, hackers impersonate reputable retail brands such as Amazon, Apple, and PayPal to send out legitimate notifications from QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house expertise in finance and accounting. The notifications presented an invoice and a contact phone number to dispute the charge. Calling this number allowed hackers to extract financial information.

Seeing as this sort of scam can be dangerous, as I’ve illustrated here, reading this report, which can be found here, is very important in my mind. The full report can be read here.

New Research Indicates That Telegram’s Blogging Platform Exploited in Hijacked Emails Revealing $3M Crypto Scams

Posted in Commentary with tags on June 1, 2022 by itnerd

From the end of 2019 through May 2022, INKY detected 1,429 malicious emails via Telegraph, an API launched by Telegram in 2016 that has been described as an anonymous blogging platform to go along with its popular messaging app. 

Recently, there’s been a massive uptick in the volume of these attacks: 1,288 of these emails were sent in 2022 alone. The payloads included cryptocurrency scams using techniques including brand impersonation, credential harvesting, hijacked accounts, and free website abuse to target Microsoft 365 users. 

The bitcoin address associated with this scam had received several transactions totalling almost three million dollars, and the ledger at blockchain.com showed that the scam worked several times.

You can view the report here.

NHS Hit By Account Takeover Attack Exploiting Legitimate Employee Accounts To Hijack for User Credentials

Posted in Commentary with tags on May 4, 2022 by itnerd

Researchers at INKY have released a new report which uncovers an account takeover attack exploiting the National Health Service (NHS) in the UK. As the host for any government entity in the UK, this attack is systemically hitting thousands from legitimate email accounts.

These emails are presenting fake new document notifications with malicious links to credential harvesting sites that targeted Microsoft credentials. 

Starting in October 2021 and escalating dramatically in March 2022, INKY detected 1,157 phishing emails originating from NHSMail, the NHS email system for employees based in England and Scotland. Last year, this service was migrated from an on-premise installation to Microsoft Exchange Online. This migration, with its changed security environment, could have been a factor in the attack. 

We reported our initial findings to the NHS on April 13, and as of April 14, the volume of attacks decreased dramatically, as the NHS took measures to stop them. However, INKY users were still receiving a few phishing emails from the NHS mail domain (nhs[.]net) after that time. 

You can read the full report here, and it is very much worth reading so that you are on top of this attack campaign.

Supreme Court Phishing Attack Variant Using Tactics Similar To The Calendly Campaign

Posted in Commentary with tags on April 13, 2022 by itnerd

On the heels of the Senate confirming Ketanji Brown Jackson for the upcoming Supreme Court vacancy, INKY cybersecurity engineers detected a relevant phishing attack – a new variant on an existing phishing campaign using tactics similar to the Calendly hack that INKY’s researchers recently discovered.

Today INKY published research analyzing the novel phishing attack impersonating the Supreme Court with fraudulent emails that included a Notice of Summons threatening arrest if the recipient didn’t appear in court, exploiting vulnerable and susceptible victims by getting them to click on a malicious link. Examination of the code revealed similarities down to the level of variable names, implying that the perpetrators were using the same phish kit and were the same threat actor group that launched the Calendly attack.

You can take a look at the forensic analysis of this new phishing campaign here: https://www.inky.com/en/blog/fresh-phish-supreme-court-lure-follows-phishing-precedent.