Security expert Tatyana Sidorina

Phishing more targeted under Covid-19

Tech Reporter

Phishing attacks are becoming more targeted, with new tricks ranging from HR dismissal emails to attacks disguised as delivery notifications.

Findings documented in Kaspersky’s new spam and phishing in Q2 2020 report indicate that security solutions have detected 2 023 501 phishing attacks in South Africa, Kenya, Egypt, Nigeria, Rwanda and Ethiopia.

Phishing is one of the oldest and most flexible types of social engineering attacks. They are used in many ways, to lure unwary users to a site and trick them into entering personal information. That often includes financial credentials such as bank account passwords or payment card details, or login details for social media accounts.

In the wrong hands, this opens doors to various malicious operations, such as money being stolen or corporate networks being compromised.

South African users have been influenced the most by this type of threat, with 616 666 phishing attacks detected in three months;  followed by Kenya (514 361), Egypt (492 532), Nigeria (299 426), Rwanda (68 931) and Ethiopia (31 585).

Phishing is a strong attack method. By sending massive waves of emails under the name of legitimate institutions or promoting fake pages, malicious users increase their chances of success in their hunt for people’s credentials.

Security expert Tatyana Sidorina says when summarising results of the first quarter they assumed that Covid-19 would be the main topic for spammers and phishers, and it certainly happened.

“While there was the rare spam mailing sent out without mentioning the pandemic, phishers adapted their old schemes to make them relevant for the current news agenda, as well as come up with new tricks,” she said.

The first six months of 2020, however, have shown a new aspect to this well-known form of attack. Phishers increasingly performed targeted attacks, focusing mostly on small companies.

The fraudsters forged emails and websites from organisations whose products or services could be purchased by potential victims. In making these fake assets, fraudsters often did not even try to make the site appear authentic.

Once a fraudster has gained access to an employee’s mailbox, they can use it to carry out further attacks on the company the employee works for, the rest of its staff, or even its contractors. The news agenda, following the Covid-19 outbreak, has influenced the ‘excuses’ fraudsters use when asking for personal information.

This includes disguising their communications as delivery services. At the peak of the pandemic, organisations responsible for delivering letters and parcels needed to notify recipients of possible delays. These are the types of emails that fraudsters began to fake, with victims asked to open attachments to find out the address of a warehouse where they could pick up a shipment that did not reach its destination.

Another relatively original move used by fraudsters was a message containing a small image of a postal receipt. The scammers expected that the recipient would accept the attachment; which, although it contained ‘JPG’ in the name, was an executable archive as the full version, and decide to open it. The Noon spyware was found in mailings such as these.

Bank phishing attacks often used emails offering various benefits and bonuses to customers of credit institutions due to the pandemic. Emails contained a file with instructions or links to get more details. As a result, depending on the scheme, fraudsters could gain access to users’ computers, personal data, or authentication data for various services.

The weakening of the economy during the pandemic caused unemployment, and fraudsters used this opportunity to strike. Kaspersky experts encountered various mailings that announced, for example, some amendments to the medical leave procedure, or surprised the recipient with the news about their dismissal. In some attachments, there was a Trojan-Downloader.MSOffice.SLoad.gen file. This Trojan is most often used for downloading and installing encryptors.

Leave a Reply

Your email address will not be published. Required fields are marked *