Quarterly highlights
Targeted attacks
The second quarter often saw phishers resort to targeted attacks, especially against fairly small companies. To attract attention, scammers imitated email messages and websites of companies whose products or services their potential victims could be using.
The scammers did not try to make any of the website elements appear credible as they created the fake. The login form is the only exception. One of the phishing websites we discovered even used a real captcha on that form.
The main pretext that scammers use to prompt the target to enter their information is offering an online catalog that purportedly only becomes available once the target provides the login and password to their email account.
In one instance, phishers used Microsoft Sway, the service for creating and sharing presentations, to hunt for logins and passwords for corporate accounts. The user was offered to view presentations belonging to another company in the same industry by following a link and entering the login and password for their work email account.
A fake website can be recognized by its design. The workmanship is often rough, and the chunks of information on the various pages are disjointed due to being pulled from diverse sources. Besides, pages like that are created on free hosting websites, as cybercriminals are not prepared to invest too much money in the fakes.
A ..
Support the originator by clicking the read the rest link below.
