Phishers eye small businesses for targeted attacks
Phishing attacks are becoming increasingly more targeted. A number of new tricks have also been discovered, from HR dismissal e-mails, to attacks disguised as delivery notifications.
As a result, security solutions have detected 2 023 501 phishing attacks in SA, Kenya, Egypt, Nigeria, Rwanda and Ethiopia.
South African users have been targeted the most by this type of scam: there were 616 666 phishing attacks detected in three months in SA, followed by Kenya with 514 361, Egypt with 492 532, Nigeria with 299 426, Rwanda with 68 931 and Ethiopia with 31585.
These are some of the findings in Kaspersky’s new spam and phishing in Q2 2020 report.
Phishing has been an effective attack method because it is carried out at a massive scale, and often with a ‘mud against the wall’ approach. By sending vast numbers of e-mails under the name of legitimate institutions or promoting fake pages, malefactors increase their chances of success.
However, the first six months of 2020 have shown a new aspect to this well-known type of scourge - targeted attack on smaller businesses. According to Kaspersky, these attacks can have devastating consequences, as once a bad actor has gained access to an employee's mailbox, they can use it to carry out further attacks on the company, the rest of its staff, or even its contractors.
“To attract attention, fraudsters forged e-mails and Web sites from organisations whose products or services could be purchased by potential victims. In the process of making these fake assets, fraudsters often did not even try to make the site appear authentic.”
Old dog, new tricks
The COVID-19 outbreak has already seen criminals change their tactics when trying to find out personal information.
These include disguising their communications with unsuspecting users as delivery services, because at the peak of the pandemic, organisations responsible for delivering letters and parcels were in a hurry to notify recipients of possible delays. These are the types of e-mails that attackers began to fake, with victims asked to open an attachment to find out the address of a warehouse where they could pick up a shipment that did not reach its destination.
Another new tactic employed by bad actors was a message containing a small image of a postal receipt. The scammers expected that the intrigued recipient would accept the attachment (which, although it contained ‘JPG’ in the name, was an executable archive) and decide to open it.
Phishing attacks using banks in the second quarter were often carried out using e-mails offering various benefits and bonuses to customers of credit institutions due to the pandemic. E-mails received by users contained a file with instructions or links to get more details. As a result, depending on the scheme, fraudsters could gain access to users’ computers, personal data, or authentication data for various services.
Finally, the weakening of the economy during the pandemic in a number of regions caused a wave of unemployment, and malefactors did not miss this opportunity. Kaspersky researchers stumbled upon various mails that announced, for example, some amendments to the medical leave procedure, or surprised the recipient with the news about their dismissal. In some attachments, there was a Trojan commonly used for downloading and installing encryptors.