NKY has published an article detailing how cybercriminals are using the Silicon Valley Bank collapse in a credential harvesting phishing scheme. Which is something I’ve been predicting for a few days now.
This report details how the phisher is using a fake DocuSign email notifications requiring the unsuspecting customer to sign important documents.
You can read the report here.
INKY has published a new Fresh Phish article. In it, INKY uncovers how Phishers posing as home security giant Ring, created a phishing campaign designed to steal credit card information and social security numbers from unwitting customers.
This article details how the phisher used a HTML attachment that created a fake Ring Website of the user’s local machine.
You can read the article here.
INKY has published a new Fresh Phish, in which INKY’s cybersecurity research analysts describe that they’ve detected what might be a new email phishing trend.
This report outlines how hackers have been caught using a clever ‘image-based phishing scam’ that has been able to circumvent most email security systems.
You can read the full report here.
INKY detected an influx of phishing emails from the U.S. Social Security Administration (SSA). While the email display address reads “Social_Security_Administration,” further inspection reveals the sender’s true origin to be a random Gmail address.
INKY has published a report analyzing the Gmail senders’ origin, phone number in PDF attachment payload, brand impersonation, and voice phishing (vishing) techniques, and the subject lines, which include case and docket numbers to make the phishing threat seem more official.
This attack is the second government agency phishing campaign out of three that INKY will publish over the next two weeks. Last week, INKY published the first of this series, which you can find here: Small Business COVID-19 Grants Designed for Disaster.
You can see the latest report that INKY has published here.
As the medical threats of the pandemic wane, cybersecurity threats remain on solid footing. INKY has revealed the latest phishing attack that its cybersecurity researchers have discovered in which government loans and grants for small businesses are being used as bait by cyber criminals in a sophisticated credential harvesting and brand impersonation scheme that uses Google Forms.
The new research explores the attack campaign and flows overview of the origin of hijacked accounts, abused Google Forms websites payload, brand impersonation and free cloud resource abuse techniques, and targeted attacks against entrepreneurs.
You can read the full report from INKY here.
INKY has released the latest report in its phishing attack series, “Fresh Phish: Netflix Bad Actors Go Behind the Scenes to Stage a Credential Harvesting Heist.” The research reveals that INKY’s researchers have detected Netflix impersonated in a PII data harvesting campaign using malicious HTML attachments compressed in zip files to exploit end-users of the streaming service.
Bukar Alibe, a cybersecurity analyst at INKY, explores answers to the following questions in the new research:
You can read the report here and I would suggest that you set aside some time to have a look at the report as I got an advanced copy of it over the weekend and it makes for some interesting reading.
INKY researchers have disclosed the firm’s findings on the latest variant of the tried-and-true phone scam, a low-tech phone scam where hackers extract personal information by sending out spoofed emails from what appears to be a legitimate source, with no suspicious links or malware attachments, just a pitch and a phone number.
This time around, hackers impersonate reputable retail brands such as Amazon, Apple, and Paypal, to send out legitimate notifications from QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house expertise in finance and accounting. The notifications presented an invoice and a contact phone number to dispute the charge. Calling this number allowed hackers to extract financial information.
Seeing as this sort of scam can be dangerous as I’ve illustrated here, reading this report which can be found here is very important in my mind. The full report can be read here.
From the end of 2019 through May 2022, INKY detected 1,429 malicious emails via Telegraph, an API launched by Telegram in 2016 that has been described as an anonymous blogging platform to go along with its popular messaging app.
Recently, there’s been a massive uptick in the volume of these attacks: 1,288 of these emails were sent in 2022 alone. The payloads included cryptocurrency scams using techniques including brand impersonation, credential harvesting, hijacked accounts, and free website abuse to target Microsoft 365 users.
The bitcoin address associated with this scam had received several transactions totalling almost three million dollars and the leger at blockchain.com showed that the scam worked several times.
You can view the report here.
Researchers at INKY have released a new report which uncovers an account takeover attack exploiting the The National Health Service (NHS) in the UK. As the host for any government entity in the UK, this attack is systemically hitting thousands from legitimate email accounts.
These emails are presenting fake new document notifications with malicious links to credential harvesting sites that targeted Microsoft credentials.
Starting in October 2021 and escalating dramatically in March 2022, INKY detected 1,157 phishing emails originating from NHSMail, the NHS email system for employees based in England and Scotland. Last year, this service was migrated from an on-premise installation to Microsoft Exchange Online. This migration, with its changed security environment, could have been a factor in the attack.
We reported our initial findings to the NHS on April 13, and as of April 14, the volume of attacks decreased dramatically, as the NHS took measures to stop them. However, INKY users were still receiving a few phishing emails from the NHS mail domain (nhs[.]net) after that time.
You can read the full report here and it is very much worth reading so that you are on top of this attack campaign.
Mega Tax Time Phishing Scheme Detailed By INKY
Posted in Commentary with tags INKY on April 13, 2023 by itnerdINKY has published a new Fresh Phish. Tax season can bring out the worst in phishers, but this scam has an interesting twist!
This report details how the phisher is targeting tax professionals and stealing the data and credentials they need to file false claims, all with the help of a service called ‘Mega’, that the notorious crime ringleader Kim Dotcom founded.
The report can be found here.
Leave a comment »