Sneaky Credential Phishing Campaign Discovered By Researchers

Dark web security specialists Flashpoint has detected a credential phishing campaign that had a low detection rate.

The campaign appears to have originated in West Africa, judging by the originating IP addresses of the phishing emails as well as an analysis of the scammers' tactics, techniques, and lack of operational security.

Flashpoint warned that the campaign relied on malicious PDF files that contained embedded links. These links redirected potential victims to credential-harvesting phishing sites.

Unsophisticated Practices

“In general, business email compromise (BEC) scams are widely viewed as a type of cybercrime that necessitates relatively minimal technical ability,” said Ronnie Tokazowski, senior malware analyst at Flashpoint.

“Despite this, analysts industry-wide have observed BEC operators progressing from simple schemes such as 419 and fake lottery scams … towards experimenting with malware and creating sophisticated networks in order to quickly and reliably move money from one account to another.

“Through source intelligence, Flashpoint identified a recent credential phishing campaign that had a low detection rate due to its simplicity. The campaign relied on malicious PDF files containing embedded links that redirected potential victims to credential-harvesting phishing sites.”

According to Tokazowski, the scammers sent seventy-three malicious PDFs in credential phishing campaigns between 28 March and 8 August this year.

“These malicious PDFs targeted a range of verticals, including universities, software and technology companies, retailers, engineering organisations, real estate firms, and churches, with the goal of harvesting user credentials,” he warned.

The scam worked as follows: the potential victim would receive a malicious PDF containing a link. Opening the PDF presented a prompt to view a secure online document, and clicking that link redirected the victim to a phishing website asking for their login credentials.

Login Harvesting

At this stage the phishing page presented the potential victim with several options to “download” the file, each requiring the login credentials for their organisation. Once a victim entered their credentials, the script redirected them to a document or web page owned by the targeted organisation.

“If valid credentials were submitted, the actors behind the phishing campaign would harvest them,” wrote Tokazowski. “Once harvested, the threat actors would then use the compromised accounts to send phishing emails to victims’ contacts; the emails may have been viewed as “trusted” by email services given that they were coming from legitimate email accounts.”
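The campaign described above depends on a PDF carrying a link annotation that points off to a credential-harvesting site. For defenders triaging attachments, the following is an added example (not Flashpoint's code or tooling) that pulls every /URI link action out of a PDF using only the Python standard library, inflates FlateDecode streams so links hidden inside compressed objects are also seen, and flags any link whose host is outside an assumed list of the organisation's own domains. The sample PDF is constructed inline for the demonstration; the domain names in it are placeholders. A raw byte scan like this is a triage aid, not a full PDF parser: encrypted files, other stream filters, and URLs built by embedded JavaScript will not be caught.

```python
import re
import zlib
from urllib.parse import urlparse

# A link action looks like  /A << /S /URI /URI (http://...) >>  or uses a hex
# string  /URI <68747470...>.  The regex captures either string form after the
# /URI key; the literal form allows backslash escapes such as \( and \).
_URI_RE = re.compile(rb"/URI\s*(\((?:[^()\\]|\\.)*\)|<[0-9A-Fa-f\s]*>)")


def _decode_pdf_string(token: bytes) -> str:
    """Decode a PDF literal "(...)" or hex "<...>" string token to text."""
    if token.startswith(b"<"):
        hexdigits = re.sub(rb"\s", b"", token[1:-1]).decode("ascii")
        if len(hexdigits) % 2:          # PDF pads an odd trailing digit with 0
            hexdigits += "0"
        return bytes.fromhex(hexdigits).decode("latin-1")
    inner = token[1:-1]
    return re.sub(rb"\\(.)", rb"\1", inner).decode("latin-1")


def _inflate_streams(data: bytes) -> bytes:
    """Return the concatenated plaintext of every stream that inflates with zlib."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:              # not FlateDecode (or not a whole stream); skip
            pass
    return b"".join(out)


def extract_uris(pdf_bytes: bytes) -> list:
    """All distinct /URI targets, scanning raw bytes plus inflated stream contents."""
    scan = pdf_bytes + _inflate_streams(pdf_bytes)
    seen, uris = set(), []
    for m in _URI_RE.finditer(scan):
        url = _decode_pdf_string(m.group(1))
        if url not in seen:
            seen.add(url)
            uris.append(url)
    return uris


def triage_links(pdf_bytes: bytes, trusted_domains) -> list:
    """Label each embedded link 'trusted' (host within an own domain) or 'external'."""
    trusted = {d.lower() for d in trusted_domains}
    results = []
    for url in extract_uris(pdf_bytes):
        host = (urlparse(url).hostname or "").lower()
        ok = any(host == d or host.endswith("." + d) for d in trusted)
        results.append((url, "trusted" if ok else "external"))
    return results


def build_sample_pdf() -> bytes:
    """Constructed sample: one literal-string link, one hex-string link, and one
    link inside a FlateDecode stream. Domains are placeholders, not real IoCs."""
    hex_uri = "https://intranet.example.org/shared".encode().hex().encode()
    compressed = zlib.compress(b"<< /S /URI /URI (http://files-view.example.net/doc) >>")
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [50 50 300 80]\n",
        b"   /A << /S /URI /URI (http://docs-secure-view.example/login) >> >> endobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI <", hex_uri, b"> >> >> endobj\n",
        b"6 0 obj << /Length ", str(len(compressed)).encode(), b" /Filter /FlateDecode >>\n",
        b"stream\n", compressed, b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    # Assumed allowlist: the organisation's own domain.
    for url, verdict in triage_links(build_sample_pdf(), ["example.org"]):
        print(f"{verdict:8s} {url}")
```

Run against a real attachment with `triage_links(open(path, "rb").read(), ["yourdomain.example"])`; any "external" hit on a PDF that claims to open a "secure online document" is exactly the pattern Flashpoint describes and is worth routing to a human before the user clicks.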

And Tokazowski warned that despite West African actors being considered among the lowest-skilled cyber threat actors, they have been responsible for more than $5 billion in fraud in the last three years.


Phishing Campaigns

In July Barracuda warned that spear phishing campaigns should be receiving attention, despite all the hype about ransomware of late. A study released in April for example found that 70 percent of UK universities have fallen victim to a phishing attack in the past.

Google and Facebook have also admitted to being tricked out of more than $100 million (£77m) in such campaigns.

Indeed, such attacks were one of the most prominent threat vectors in 2016, a trend which has continued into 2017, with the likes of Netflix, McDonald’s and even the Saudi Arabian government being targeted.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
