Phishing campaign active in the UK

A credential-harvesting phishing campaign is currently affecting the UK. The campaign has been active since at least July 2018 through various iterations, with a recent spike in reports to the NCSC in early October 2019. It appears to be spreading indiscriminately across a very broad range of UK sectors.

In this campaign, the user receives a phishing email from a legitimate and known email account which has been compromised. Phishing emails were previously sent from contacts in recent email communications with the recipient, and the subject lines often mirrored the most recent email exchange. This gave the email initial plausibility and made the user more likely to trust it.

More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email. This could be the recipient’s name or email address, or it may just be blank.

The recent iteration of these phishing emails consists of a black ellipsis with a grey highlighted background and a single sentence underneath containing a hyperlink. There are some slight variations in the sentence wording but the four structures currently prevalent include:

  • Notification received Open notification.

  • Notification received View notification.

  • Notification clipped Open notification.

  • Notification clipped View notification.

If the user clicks on the hyperlink, a spoofed login webpage appears, which includes the victim organisation’s logo and email address, as well as a password entry form. Just clicking on this hyperlink is enough for the cyber criminals to steal your credentials.
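The traits described above (the four sentence structures, a body that is little more than one hyperlink, and a subject line that is blank or is the recipient's own name or address) can be turned into a mail-triage check. The following is an added example, not code from the NCSC or the original page; the function name, trait labels, the 200-character body threshold and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser

# The four sentence structures from the list above, tolerant of case and spacing.
LURE = re.compile(r"notification\s+(received|clipped)\W*(open|view)\s+notification", re.I)

class BodyScan(HTMLParser):
    """Collects visible text and hyperlink targets from a message body."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)
    def handle_data(self, data):
        self.text.append(data)

def campaign_traits(raw):
    """Return which traits of this campaign appear in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    scan = BodyScan()
    scan.feed(part.get_content() if part else "")
    text = " ".join(" ".join(scan.text).split())
    traits = []
    if LURE.search(text):
        traits.append("lure_sentence")
    # Assumed threshold: the body is little more than one sentence and one link.
    if len(scan.links) == 1 and len(text) < 200:
        traits.append("single_link_short_body")
    # Subject is blank, or is the recipient's display name or address.
    name, addr = parseaddr(str(msg.get("To", "")))
    subject = str(msg.get("Subject", "")).strip().lower()
    if subject in {"", name.strip().lower(), addr.lower()}:
        traits.append("subject_is_recipient_entry")
    return traits

# Constructed sample messages for illustration, not real campaign traffic.
HDR = "From: Known Contact <contact@example.org>\nTo: Jane Doe <jane.doe@example.com>\n"
SAMPLE_LURE = (HDR + "Subject: Jane Doe\nContent-Type: text/html; charset=utf-8\n\n"
    '<div style="background:#ccc">...</div><p>Notification received '
    '<a href="https://login.example.net/x">Open notification</a>.</p>\n')
SAMPLE_BENIGN = (HDR + "Subject: Minutes from Tuesday\n"
    "Content-Type: text/plain; charset=utf-8\n\nHi Jane, minutes attached. Thanks.\n")
if __name__ == "__main__":
    print(campaign_traits(SAMPLE_LURE), campaign_traits(SAMPLE_BENIGN))
```

Because the sender is a genuine, compromised contact, sender-reputation checks will not help here; a message showing all three traits is a candidate for quarantine and for a password reset conversation with the sending account's owner.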

Contact Wolfberry to learn more about the best ways to secure your systems.
