2015 has just begun, and we decided to look back and analyze how things stood in the field of internet fraud over the past year. In this article we want to tell you about the most prominent phishing attacks of 2014, so that you know how not to take the bait in the future.
Although the government is trying to help us protect our personal data, we shouldn't forget that doing so is our personal responsibility.
It may seem that fax machines are something outdated, forgotten deep in the 90s. However, unsurprisingly, the fax message is a very popular tool for phishing today. Last year there were several major phishing attacks organized this way: scammers send an email message which, on behalf of a public body, asks the recipient to fax some specified data, for example tax returns that include certain personal information. Many companies still keep fax machines in their offices but almost never use them. This type of attack is unusual and even exotic in our time, so the unsuspecting recipient of such a message will not even suspect a trick. The letterhead is present; the stamp and signature are present too.
When the data is sent to the fax number (which no one ever answers), the document is scanned and forwarded in electronic form to the scammer's email. It's extremely difficult to stop this kind of fraud. You can rely only on your own carefulness.
This attack is based on sending official-looking emails, supposedly from banks or other large organizations, with an attached archive that contains a .NET Keylogger application. This is simple software that records various user actions: keystrokes on the keyboard or mouse button clicks. It is a very convenient way to steal account information. You simply press keys, and the program records your actions and sends them to the attackers. We want to remind you once again: use the most advanced anti-virus software and don't forget to update it, so that scammers cannot grab all your passwords.
The phishing scheme is very simple in this case. Probably there is no one who has not received such messages. Let's consider a real case. You receive an email from a reputable person named Eric, who represents the interests of "your" deceased uncle from a very distant country, for example the Togolese Republic (the country in West Africa that sits between Ghana and Benin). It sounds strange, but who cares? Mr. Eric sends you photos of himself and his family, as well as scanned documents to prove his identity and the details of the heir's account to confirm the legality of the information given.
In turn, he asks you to send your personal data: passport and banking details. All correspondence is accompanied by phrases about how little time is left (one wonders, what's the rush? Your uncle has already died. Ah?). From the beginning you can already tell that this is an ordinary scammer, because miracles unfortunately do not occur, and there is no such thing as a free lunch.
You can find many similar cases on the Internet.
Have fun reading and be vigilant!
Such malware is attached to phishing emails, as in the case of the .NET Keylogger. The user installs the app himself under various pretexts invented by the scammer. The extortionist locks the screen of the hapless user's personal computer, claiming that it can be unlocked (actually not) after purchasing a special key, or else the malware will delete all data on the hard disk. Bitcoin was particularly popular among internet users in 2014, so attackers decided to take payment for unlocking in this currency. After analyzing the extortionists' e-wallets, we found that they were able to collect more than $130.000.000 from the victims.
Most modern antivirus software can help you to solve this problem.
This phishing attack gives a scammer full authority over a victim. Generally, malicious PDF files are sent via email and presented as a very important document that should be read immediately. Once opened, the PDF file runs malicious code that exploits a vulnerability in the PDF viewer program. Scammers use Zlib, a free cross-platform data-compression library, to complicate the analysis: the code is compressed in several layers and uses variable names that are hard to track. The purpose of the attack can be taking control of your system (privilege escalation), as well as disrupting its operation (DoS attack).
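The layered Zlib compression described above is what defeats a plain keyword scan of a PDF. The following Python sketch is an added example, not part of the original article: it peels the compression layers off each stream and then looks for a few PDF name tokens. The token list, the simplified stream regex and the harmless sample document are assumptions constructed for illustration.

```python
import re
import zlib

# Name tokens an analyst greps for first (constructed list, not from the article).
SUSPICIOUS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")
# Simplified stream matcher; a real parser would honour /Length and /Filter.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
MAX_LAYERS = 8          # give up on absurd nesting
MAX_OUTPUT = 1 << 20    # per-layer output cap, guards against decompression bombs


def inflate_layers(data):
    """Peel zlib layers until the data no longer inflates; return (data, layers)."""
    layers = 0
    while layers < MAX_LAYERS:
        d = zlib.decompressobj()
        try:
            out = d.decompress(data, MAX_OUTPUT)
        except zlib.error:
            break               # not zlib: plaintext or another encoding
        if not d.eof:
            break               # truncated stream or output cap reached
        data, layers = out, layers + 1
    return data, layers


def naive_hits(raw):
    """What a plain keyword scan of the file bytes sees."""
    return [t.decode() for t in SUSPICIOUS if t in raw]


def triage_pdf(raw):
    """Return (stream_index, layers, token) for tokens visible only after inflating."""
    hits = []
    for i, m in enumerate(STREAM_RE.finditer(raw)):
        plain, layers = inflate_layers(m.group(1))
        if layers:
            hits += [(i, layers, t.decode()) for t in SUSPICIOUS if t in plain]
    return hits


def build_sample_pdf():
    """Constructed, harmless PDF fragment: an action dictionary two layers deep."""
    hidden = b"<< /Type /Action /S /JavaScript /JS 7 0 R >>\n" * 3
    body = zlib.compress(zlib.compress(hidden))
    head = (b"%PDF-1.5\n1 0 obj\n"
            b"<< /Type /ObjStm /Filter [/FlateDecode /FlateDecode] >>\nstream\n")
    return head + body + b"\nendstream\nendobj\n%%EOF\n"


if __name__ == "__main__":
    sample = build_sample_pdf()
    print("naive scan:", naive_hits(sample))
    print("after inflating:", triage_pdf(sample))
```

A hit here only tells the analyst where to look next; it does not prove that the document is malicious.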
Taxes, death, and phishing email messages that spoof the IRS. Spoofing the US tax collection agency is a tried and true tactic, and this phishing email from August 2014 played on the recipient's excitement about receiving a tax refund by linking to a page where the recipient could specify payment information for the refund, provided he/she entered login credentials. After performing OSINT analysis on the phishing page, observant users found that the same text had been used way back in 2006. History repeats itself.
These primitive but very popular (due to the global political situation) phishing emails came in handy in the second half of last year. It's a standard situation: an attached archive with infected files hiding under the guise of a "Glory to Ukraine" screensaver. But where is the phishing? In fact, it's just a notice of receipt of a fax message, which you can view by clicking on the link, and therefore lose the confidentiality of your personal data. A fine reward for inquisitiveness.
At the end of October 2014, users began receiving phishing messages from a hacked ".edu" domain. These emails contained ZeuS, a remote access Trojan, in an archive with information about some fake payments. Scammers reckoned that this domain, created specifically for educational institutions, simply could not seem suspicious to the victims, because it is considered the most secure and prestigious. This expectation was met: this way of spreading malware and stealing data has been very effective.
The growing popularity of cloud services such as Dropbox has prompted scammers to create a new method of delivering malware to our computers. Scammers send an email message with a fake invoice from Dropbox. The link to the service looked clean, but it led to a zip file containing an infected SCR script. Dropbox quickly responded to this fraud and created protection for users, but hackers have found a way to bypass the spam filter. Using Dropbox is so common that no one will ever block this service as potentially dangerous, so stopping this kind of spread of viruses and Trojans is extremely difficult.
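Several of the campaigns above deliver an executable inside an archive, and the Dropbox case specifically a zip file with an SCR file. The following Python sketch is an added example, not part of the original article: it shows how a mail or download gateway could inspect a zip, including nested archives, for directly runnable members and decoy double extensions. The extension lists, size limits and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; .scr (screensaver) is an ordinary executable.
EXECUTABLE = {".scr", ".exe", ".com", ".pif", ".js", ".vbs"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}  # what the user thinks it is
MAX_DEPTH = 3                   # nested-archive limit
MAX_MEMBER = 10 * 1024 * 1024   # do not unpack members larger than this


def scan_zip(blob, depth=0, prefix=""):
    """Return sorted (member_path, reason) findings for a zip given as bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "unreadable-archive")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            if last in EXECUTABLE:
                findings.append((path, "executable"))
                if len(suffixes) > 1 and suffixes[-2] in DECOY:
                    findings.append((path, "double-extension"))
            elif last == ".zip":
                if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER:
                    findings.append((path, "nested-archive-not-scanned"))
                else:
                    findings += scan_zip(zf.read(info), depth + 1, path + "!")
    return sorted(findings)


def build_sample_zip():
    """Constructed sample: a decoy invoice inside a nested archive."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("Invoice_1014.pdf.scr", b"constructed placeholder, not a program")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"Your invoice is attached.")
        zf.writestr("docs/invoice.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in scan_zip(build_sample_zip()):
        print(reason, path)
```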
The most popular phishing emails of 2014 seemed quite harmless at first glance. These emails came with links to files stored on third-party cloud services. The content was simple: a link to an invoice. But when a user downloads it to his/her computer, Dyre installs itself into the system for remote access. This Trojan is designed to steal banking information and personal data. The spread of this malware was so broad that the group that deals with breaches of computer security on the network had to work hard to get rid of the virus and help users not to fall for the scam.
Scammers are coming up with more and more sophisticated ways of phishing. This case was not included in the Top 10 of 2014, but we were struck by its simplicity and treachery. The purpose of the attack was to obtain control over the email inbox, so we decided to include it in this article as a special case under the number "ZERO".
All the stories in the article are real, and this one happened directly to one of our colleagues. This is what she said:
"I received an email alert about a new message from one famous website. It said that a certain user from this community had left me a message that could be read by following the link. Absolutely standard practice! When I clicked on the link, a window similar to the ones that appear when you log in through social networks appeared and asked me to give access to my email, and my hand reached to do this. But common sense prevailed, because the loss of access to an email is a real tragedy in our time. Afterwards I changed my password to protect my email."
Remember that email protection requires some preventive actions. Be careful, attentive and vigilant each time you open your email inbox!