At the end of August, Kaspersky experts discovered a phishing campaign with an unusual attack vector – through an image. This scam targeted organisations in the fields of online retail, distribution, transportation, and logistics. The cyber attackers aimed to steal corporate email credentials from potential victims.
Within the phishing scheme, the cyber attackers send emails in English, allegedly on behalf of a South Korean company.
Pretending to be employees of this organisation, the cybercriminals email about sending instructions to their bank for transferring a payment. They ask potential victims to check the details in the scanned document, which is added to the body of the letter.
According to the legend, this must be done quickly in order to receive payment as soon as possible.
“The image in these phishing emails is poorly visible – this is what the attackers are counting on,” comments Roman Dedenok, a cybersecurity expert at Kaspersky. “Even if a person does not expect an email, he may be interested in looking at the details.
“However, in reality, the image hides a phishing link. If the users click on the scan, they will be redirected to a fake resource that mimics a file sharing service from Adobe. There, they will be asked to enter the credentials for a corporate email account to gain access to the document. However, this should never be done, otherwise this information will go to the cybercriminals.”
To avoid becoming a victim of such phishing attacks, Kaspersky recommends that users do not trust emails from unknown mailboxes, especially when it comes to confidential data, financial transactions and suspicious attachments, even if it visually looks like the email came from an organisation with a good reputation. Kaspersky also recommends that companies install a reliable security solution that will automatically send such emails to spam.