Lewd Phishing Lures Aimed at Business Explode

[silversurfer]

Attackers have amped up their use of X-rated phishing lures in business email compromise (BEC) attacks. A new report found a stunning 974-percent spike in social-engineering scams involving suggestive materials, usually aimed at male-sounding names within a company.
 
The Threat Intelligence team with GreatHorn made the discovery and explained it’s not simply libido driving users to click on these suggestive scams. Instead, these emails popping up on people’s screens at work are intended to shock the user, opening the door for them to make a reckless decision to click. It’s a tactic GreatHorn called “dynamite phishing.”
 
“It doesn’t always involve explicit material, but the goal is to put the user off balance, frightened – any excited emotional state – to decrease the brain’s ability to make rational decisions,” according to the report.
 
GreatHorn observed the malicious URLs largely do one or more of the same three things: Download malware; send users to a bogus dating site to trick victims into entering payment data; or track users for a follow-up attack, which the report said is likely to involve blackmail. Scammers use a tactic called email pass-through to track their victims.
 
“The same technology enables legitimate email senders to auto-populate an unsubscribe field with a user email address,” the report said. “Once a user clicks on a link in the email, their email address is automatically passed to the linked site. In these attacks, the cybercriminal leverages the information they gleaned in order to set up a second stage.”

Read more: Lewd Phishing Lures Aimed at Business Explode | Threatpost