
Hackers go to great lengths, including impersonating real people and creating and maintaining fake social media profiles, to trick victims into clicking phishing links and handing over usernames and passwords.
The alert from the UK's National Cyber Security Centre (NCSC), the cybersecurity arm of the intelligence service GCHQ, warns that phishing attacks are targeting individuals and organizations across a variety of industries.
The end goal of these phishing attacks is to trick the victim into clicking on malicious links that lead to fake but realistic login pages, where the victim enters their login credentials. This gives the attackers access to the account, which they either abuse directly or use as a stepping stone to reach other victims.
Many malicious links are designed to resemble commonly used cloud software and collaboration tools, including OneDrive, Google Drive, and other file-sharing platforms. In one case, the attackers even set up a Zoom call with the victim and then sent a malicious URL to the chat bar during the call. They also created several personas in the phishing thread (all controlled by the attackers) to add an appearance of legitimacy.
The first step in these spear-phishing attacks is research and preparation, with attackers using publicly available profiles, such as social media and professional networking platforms, to find out as much as possible about their targets, including their professional and personal contacts in the real world.
It is also common for attackers to create fake social media and networking profiles based on real people to make their approaches more convincing, while some approaches are designed to look as though they relate to real events but are in fact fabricated.
According to the NCSC, the campaigns are the work of cyberattackers based in Russia and Iran. The Russian and Iranian campaigns are unrelated, but their tactics overlap because those tactics are effective at tricking people into falling for phishing attacks. Regardless of who the attackers are impersonating or what lure they are using, a common feature of many of these spear-phishing campaigns is that they target personal email addresses.
It is likely that this tactic is being used to circumvent cybersecurity controls in place on corporate accounts and networks, although corporate or work email addresses have also been targeted.
Another key technique behind these phishing campaigns is the patience of the attackers, who take the time to establish a relationship with their targets. These attackers don’t immediately dive in, asking their target to click on a malicious link or open a malicious attachment. Instead, they slowly build trust.
This process usually begins with a first email that seems benign, often related to a topic that, with careful preparation, is likely to be interesting and engaging for its target audience.
Attackers will then exchange emails with their target, sometimes over a long period, waiting until they have built up enough trust that the victim has no qualms about opening a link or an attachment.
The malicious link is sent under the guise of a document or website that is interesting and relevant to the victim, for example a conference invitation or an agenda, and redirects the victim to a server controlled by the attacker.
When the victim enters their username and password on the page behind the malicious link, these credentials are sent to the attackers, who can then access the victim's email and any additional accounts that share them.
According to the NCSC, this exploitation includes stealing account information and files, as well as monitoring future emails and attachments that the victim sends and receives.
The attackers have also used access to a victim's email account to retrieve mailing-list data and contact lists, which are then mined for follow-up campaigns, with the compromised email address used to carry out further phishing attacks against others.
“These campaigns by threat actors based in Russia and Iran continue to ruthlessly pursue their targets with the goal of stealing online credentials and compromising potentially sensitive systems,” said Paul Chichester, Director of NCSC operations.
“We strongly encourage organizations and individuals to remain alert to potential approaches and to follow the advisory’s mitigation advice to protect themselves online,” he added.
The NCSC warns users to be vigilant and on the lookout for the techniques detailed in the alert, such as emails that purport to relate to work matters but are sent to personal email addresses.
It is recommended that you secure your email account with a strong password that is not reused on any of your other accounts, so that if attackers manage to steal your email password, they cannot use it to gain access to your other accounts.
Another way to protect your account from phishing attacks is to enable multi-factor authentication, which can prevent hackers from accessing your account even if they know your password, and can also warn you that your credentials may have been compromised.
You should also protect your device and network by applying the latest security updates, which can prevent attackers from exploiting known software vulnerabilities to launch attacks or gain access to your account.