New phishing topics detected by Kaspersky experts are reported in relation to compensation, bonuses, and even cashbacks.
Phishing is a way of obtaining user login information including stealing passwords, credit card numbers, bank account details, and other confidential information. Kaspersky notes that cybercriminals can exploit new topics of interest to people to share a malicious link and entice them to click it. In times of crisis and economic uncertainty, it is more common for scammers to provide malicious compensation links to users
To do this, they run “big banks’ advertising campaigns” as popular bait. Visitors to a phishing site are offered a one-time payment or a fee to take a quality of service survey.
Kaspersky says it blocked more than 43 million phishing attacks against users of its products in Southeast Asia last year. Phishing is something that cybercriminals use often, so it’s best for everyone to know how scams work to avoid becoming a victim.
Here’s how the phishing campaign against businesses around the world in 2022 was discovered by experts at Kaspersky. They do it in several stages.
Stage 1: Attackers send emails in the name of a commercial organization asking for more information about the victim company’s products. The email text looks reasonable and has no suspicious elements, such as phishing links or attachments, but the sender’s email address comes from a free domain, like gmail.com.
Stage 2: After the victim replies to the first email, the attackers send a new message, asking them to visit a file-sharing website and view a PDF file with the completed order.
Stage 3: By clicking on the link, the user is taken to a fake website created by the phishing toolkit. This is a pretty simple tool that generates phishing pages to steal credentials from specific resources.
Stage 4: When the victim tries to log in, their username and password are sent.
The campaign began in April 2022, with activity culminating in May and ending in June. Kaspersky identified the targets of this campaign around the world
