A cybergang has been targeting Canadian business banking customers with customised phishing attacks, designed to trick account holders into disclosing their credentials.

Likely based out of Ukraine, the group uses targeted emails, sent to stakeholders with tailor-made messages crafted to look genuine. These include correct bank logos, accurate information and proper language.

Inside these emails is an infected PDF file, which victims are encouraged to download and open. These files contain the URL links, keywords and brand abuse factors that security programs usually detect.

X-Force researchers noted that the content of the PDF changed corresponding to a specific victim’s role, an indication that the attackers had prior knowledge of their selected recipients.

If victims clicked the embedded link inside the PDF, they were sent to an initial URL that redirected them to a second one. The second bounce is where the phishing attack was actually hosted, presenting victims with a fake process to synchronise their token devices. Account information, when entered into the fake site, was sent in real time to the attackers.

“This is a perfect example of how phishing campaigns are becoming increasingly sophisticated and targeted,” said Eyal Benishti, CEO and founder of IRONSCALES. “As is the case here, fraudsters are frequently adopting spoofing and impersonation techniques in a quick, easy, and incredibly successful way to lure their potential victims into a false sense of security. As a result, it is becoming virtually impossible for end users to identify these phishing emails as they land in inboxes across the workforce.

“It is imperative to help users identify well-crafted impersonation techniques, in order to avoid a potential cybersecurity incident, which could be crippling for an organisation. By integrating automatic smart real time email scanning into multi anti-virus, and sandbox solutions, forensics can be performed on any suspicious emails either detected, or reported.”

By Alex Hamilton, Senior Reporter at IBS Intelligence. Follow him on Twitter or contact him at: alexanderh@ibsintelligence.com