Cybercriminals Impersonating IC3, Docs, Outlook & DocuSign

February 5, 2018 Marketing GrafWebCUSO

Cybercriminals want personally identifiable information so badly that they mimic seemingly legitimate enterprises such as the Internet Crime Complaint Center, Microsoft Outlook, DocuSign and Google Docs to tempt victims into giving away IDs.

The IC3 released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing PII or downloading malicious files. Users should use caution when reviewing unsolicited messages.

In addition, Campbell, Calif.-based cyberfraud defense firm Barracuda Networks in its Threat Spotlight blog examined how cyberattackers impersonate popular web services such as Outlook, DocuSign and Docs to entice victims into giving away their IDs.

“When you receive an email from a trusted web service such as Microsoft Outlook or DocuSign informing you of unread messages, you might blindly follow the directions to retrieve those messages. Unfortunately, cybercriminals are taking advantage of these trusted brands to convince you to log in to fake website portals and give up your login credentials,” Asaf Cidon, VP of content security services for Barracuda, said. “Criminals then use these credentials to either commit fraud or to launch targeted spear-phishing campaigns within an organization to steal the crown jewels.”

Barracuda cited emails containing links directing recipients to a fake login page on a legitimate website. There is no malicious attachment; cybercriminals simply hope victims will not recognize the web service's portal login page as fake and will freely enter their credentials, giving attackers full access to their email accounts. In addition, hackers typically use zero-day links, not used in other emails, so they don’t appear on any blacklists. Some links point to legitimate but compromised small business websites, which appear to have a high reputation to traditional email security systems, and this helps them evade detection.
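Because these links sit on clean-reputation hosts, a blacklist lookup returns nothing, but the message still claims one brand while linking somewhere else. The following Python sketch is an added example, not code from Barracuda or the original article: it flags that brand/link mismatch. The `BRAND_DOMAINS` map, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative, non-exhaustive map of brand keywords to domains
# that brand's own mail normally links to. Maintain your own list.
BRAND_DOMAINS = {
    "docusign": {"docusign.com", "docusign.net"},
    "outlook": {"outlook.com", "office.com", "microsoft.com", "live.com"},
    "google docs": {"google.com"},
    "ic3": {"ic3.gov"},
}

# Constructed sample: a "DocuSign" notice whose main link points at an
# unrelated small-business host (reserved .example names, not real sites).
SAMPLE = """\
From: "DocuSign" <notify@smallshop.example>
Subject: You have an unread document
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="https://smallshop.example/portal/login">View in DocuSign</a>
<a href="https://www.docusign.com/help">Help</a>
"""

class _Links(HTMLParser):
    """Collect the lower-cased hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlsplit(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.append(host.lower())

def brand_link_mismatches(raw_message):
    """Return (brand, host) pairs where a brand named in the From display
    name or Subject is paired with a link outside that brand's domains."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}".lower()
    body = msg.get_body(preferencelist=("html",))
    parser = _Links()
    parser.feed(body.get_content() if body else "")
    return [(brand, host)
            for brand, domains in BRAND_DOMAINS.items() if brand in claimed
            for host in parser.hosts
            if not any(host == d or host.endswith("." + d) for d in domains)]
```

Treat a hit as a triage signal rather than a verdict: genuine brand mail sometimes links through third-party tracking hosts, and keyword matching misses lookalike spellings.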

Cidon noted that over the past month they have seen a high volume of activity around this attack, and that traditional email security solutions will not catch these emails, many of which will ultimately reach end users without detection. “Millions of these impersonation emails are being sent out in multiple campaigns and users need to be educated on what to look for when receiving emails.”

After stealing the victim’s credentials, the attacker will typically use them to remotely log into the user’s Office 365 or other email accounts and use this as a launching point for other spear phishing attacks.

At this point, it becomes even more difficult to detect attackers at work because they will send additional emails to other employees or external partners, trying to entice those recipients to click on a link or transfer money to a fraudulent account.

Unfortunately, link protection technologies such as safe links will not protect the user against these hyperlinks, according to Barracuda. Since the link leads to a sign-in page and does not download any viruses, the user still ends up entering their username and password.

“Even if an organization has traditional email security technologies enabled, there will be nothing preventing the user from providing their credentials to the cunning cybercriminal,” Cidon said. The best hope to stop these attacks is artificial intelligence for real-time spear phishing protection in addition to regular training to raise awareness of evolving and new threats.