Spam and phishing in Q2 2021

[harlan4096]

Quarterly highlights

The corporate sector

In Q2 2021, corporate accounts continued to be one of the most tempting targets for cybercriminals. To add to the credibility of links in emails, scammers imitated mailings from popular cloud services. This technique has been used many times before. A fake notification about a Microsoft Teams meeting or a request to view an important document traditionally takes the victim to a phishing login page asking for corporate account credentials.

Cybercriminals also faked emails from cloud services in schemes aimed at stealing not accounts but money. We saw, for example, spoofed messages about a comment added to a document stored in the cloud. The document itself most likely did not exist: at the other end of the link was the usual recipe for making a fast buck online by investing in Bitcoin or a similarly tempting offer. Such “offers” usually require the victim to pay a small amount upfront to claim their non-existent reward.

In addition to various cloud-related emails, we blocked messages disguised as business correspondence and containing links to malware. In particular, an email threatening legal action claimed that the victim had not paid for a completed order. To resolve the issue amicably, the recipient was asked to review the documents confirming the order completion and to settle the bill by a certain date. The documents were supposedly available via the link provided and protected by a special code. In fact, the file named “Договор №8883987726 от 10.10.2021.pdf.exe” (Agreement #8883987726 of 10.10.2021.pdf.exe) that the victim was asked to download was a malicious program known as Backdoor.Win32.RWS.a.

COVID-19 compensation fraud

In Q2 2021, scammers continued to exploit the theme of pandemic-related compensation. This time, offers of financial assistance were mostly sent in the name of government agencies. “The UK Government” and “the US Department of the Treasury” were ready to pay out special grants to all-comers. However, attempts to claim the promised handout only led to monetary loss or compromised bank card details. It goes without saying that the grants did not materialize.

It was bank card details, including CVV codes, that were the target of a gang of cybercriminals who created a fake informational website about social assistance for citizens of Belarus. To make the pages look official, the scammers described in detail the system of payouts depending on the applicant’s line of work and other conditions. The information bulletin issued in the name of the Belarus Ministry of Health clearly spelled out the payment amounts for medical staff. Workers in other fields were invited to calculate their entitled payout by clicking the Get Social Assistance button. This redirected the visitor to a page with a form for entering bank card details.
...

Continue Reading