A pair of related phishing campaigns this year took the unusual step of intentionally avoiding malicious links or attachments in its emails – a sign that threat actors may recognize the need to come up with new tactics. Here, workers prepare a presentation the day before the CeBIT 2012 technology trade fair. (Sean Gallup/Getty Images)
A pair of related phishing campaigns this year took the unusual step of intentionally avoiding malicious links or attachments in its emails – a sign that threat actors may recognize the challenges posed by secure email gateways and sandbox rules and increasingly savvy users.
In a blog post this week, Cofense reported that actors using the BazarBackdoor malware have been experimenting with roundabout ways of getting users to self-infect. One campaign featured a fraudulent invoice referencing a malicious website, but not directly linking to it. Instead, the attackers are counting on users typing or pasting the URL into their browsers. A second campaign included a phone number that, if called, reaches a fake company representative who will try to trick the user into visiting an attacker-controlled website.
“The notable part abo ..
Support the originator by clicking the read the rest link below.
