![]() ![]() “This is nothing more than a credential capture. Trustwave’s advice to anyone who has clicked onto the link is for them to change their passwords. #Faxdocument forgot password code“If you are going to that much effort to customise all this code and scripting under the hood to make a campaign that is flexible enough to manage all these different domains, we expect they are going to reuse this in the future,” he said. He continues: “What we are seeing here is a hybrid technique – they are throwing a wide net because they have this chameleon technique, but they are also using it in a very targeted way because it makes the recipient think that their specific credentials are being requested.”Īfter tracking the ‘fax phishing campaign’ for the last few weeks, Trustwave believes this particular scam appears to have been taken down now but Sigler predicts that enterprises have not seen the last of this type of chameleon attack. ![]() Select eFax Messenger from the printer list and click Print (this will launch Messenger) Fill out the fax form in Messenger and click Send. This is a push away from the wide net attacks that we saw five to ten years ago that were tossed out to as many emails as possible.” Select Print - the Print Dialog Box will appear. “They already know what email you are using they’ve done the reconnaissance ahead of time, so they know exactly who they are targeting. While there appears to be no direct financial gain from the attack, Sigler explains that access to email accounts is often enough – allowing attackers to discover banking details or passwords for other logins.Īccording to Sigler, organisations that still use faxes – such as healthcare and law firms – are particularly vulnerable to these attacks and the security expert warns that phishing campaigns are increasingly becoming targeted towards specific organisations. “Often just pulling out a couple of elements, especially if someone isn’t looking that closely is more than enough to fool someone into believing it’s genuine.” While the fake morphed email site is not identical to the genuine ones – discerning users might notices some discrepancies in the font as well as the capitalised branding – Trustwave threat intelligence manager Karl Sigler noted: Researchers found four elements that changed to trick victims into thinking that they were on an authentic site: the page background, a blurred logo, the title tab and the capitalised text of the domain from the email provider. Spiderlabs analysed the malicious email after trapping it in one of its email security gateway products, which sits in front of an enterprise’s email server. The victim is then invited to input their details into a fake login page tailored to whatever email service the victim is using in a chameleon-like attack: Gmail users, for instance, will see a different page from Apple, Outlook or Yahoo Mail users. The email presents itself as a fax document which prompts the user to click on the link to be able to view the missed message. Cyber security firm Trustwave SpiderLabs has uncovered a new credential-capture phishing scam that uses a landing page capable of customising itself into the user’s email service to trick them into revealing their login details. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |