Phishing eager travellers

Researchers at Unit 42 have previously reported on how cybercriminals have preyed on consumers during COVID-19 using COVID-19 themed phishing attacks impersonating brands like Pfizer and BioNTech and the use of similar lures concerning protective supplies. Researchers have now observed threat actors taking advantage of travel as a theme for phishing people and stealing data, as post the pandemic travel restrictions ease in some parts of the world.

At the beginning of the pandemic, when people all over the world scrambled to get protective supplies – personal protective equipment, sanitizer and toilet paper – threat actors tried to take advantage of supply issues by selling fake products. They also tried to trick people by purporting to be credible health organizations (such as the WHO) or pharmaceutical companies, all while the actual organizations and companies were trying to make sense of the virus and come up with metrics, protective measures and vaccines.

Although the pandemic is not over, as the world opens up borders and the vaccines slow down the spread of the virus, people who have been cooped up at home are eager to travel. Threat actors are taking advantage of this trend by using travel as a theme for phishing people and stealing data – account credentials, financial information and so on – subsequently selling this data in underground markets.

Unit 42 researchers analysed travel-themed phishing URLs created between October 2019 and August 2021. They discovered a gradual upward trend in the registration of phishing URLs starting early 2021, with a significant increase in June 2021. They also found that in addition to the use of bespoke/new domains for serving the phishing URLs, threat actors also leveraged URL shorteners such as bit.ly and bit.do, and services such as Firebase that are hosted on Google Cloud Storage.

The researchers found that not all the phishing URLs that threat actors leveraged were used for directed attacks or campaigns and some of the URLs were used in malspam campaigns to host malicious content, such as Dridex. With some phishing URLs with travel-related keywords such as “airlines” and “vacation” used by Dridex malware in 2021.

This report again shows that threat actors quickly adapt their tactics to give them the best possible opportunities to engineer victims into clicking on malicious links.

New-school security awareness training can enable your employees to recognize the hallmarks of social engineering attacks.

With thanks to the Cyber Defence Alliance and Palo Alto. The full story is here: https://unit42.paloaltonetworks.com/travel-themed-phishing/

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here’s how it works:

• Immediately start your test for up to 100 users (no need to talk to anyone)
• Select from 20+ languages and customize the phishing test template based on your environment
• Choose the landing page your users see after they click
• Show users which red flags they missed, or a 404 page
• Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
• See how your organization compares to others in your industry

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW