While new threats are emerging that hit new avenues or targets like PoS systems and cryptocurrencies, old threats like phishing remains to be an effective means of gathering user data. A simple spam email that leverages holidays, online shopping, release of anticipated gadgets, and hot/current news items can redirect unsuspecting users to survey scams and phishing pages that ask for their credentials and personal identifiable information (PII). A very recent example of this is the attacks we saw leveraging the interest around the World Cup.
Phishing pages often mimicked legitimate banks’ websites to trick users into thinking that they’re inputting their information to the real banks or companies. As an example, the research done by Trend Micro experts on the Russian underground has revealed the amount of information gathered by a cybercriminal that “specializes” on stealing such information. On the other hand, spear phishing, a more dangerous variant of phishing, is primarily utilized for targeted attack campaigns. These malicious emails use contextually relevant subjects, and send to employees of various functions in order to penetrate the network.
To avoid becoming victims of phishing and other nefarious threats that come with it, we created the video below to educate users on how you can spot phishing scams. It specifically looks at a phishing operation in Brazil that leveraged on the recently concluded 2014 World cup and hosted phishing site templates, malware, and victims’ personal documents in an online sharing site.
This is the first of our Cybercrime Exposed series of videos, which aims to expose the inner workings of the latest threats today to arm users with awareness. Stay tuned for the next episodes to be released within the next few months.
Update August 8, 2014: Check out the part 2 of our Cybercrime Exposed video series, entitled Cybercrime Exposed Part 2: When Adware Goes Bad – A Closer Look at Adware