Cyber Security News

Suspicious teaser: Kaspersky warns that scammers hide phishing links behind images

Kaspersky

At the end of August, Kaspersky experts discovered a phishing campaign with an unusual attack vector – through an image. This scam targeted organizations in the fields of online retail, distribution, transportation, and logistics. The cyber attackers aimed to steal corporate email credentials from potential victims.

Within the phishing scheme, the cyber attackers send emails in English, allegedly on behalf of a South Korean company. Pretending to be employees of this organization, the cybercriminals email about sending instructions to their bank for transferring a payment. They ask potential victims to check the details in the scanned document, which is added to the body of the letter. According to the legend, this must be done quickly in order to receive payment as soon as possible.

Phishing email with the image

“The image in these phishing emails is poorly visible – this is what the attackers are counting on. Even if a person does not expect an email, he may be interested in looking at the details. However, in reality, the image hides a phishing link. If the users click on the scan, they will be redirected to a fake resource that mimics a file sharing service from Adobe. There, they will be asked to enter the credentials for a corporate email account to gain access to the document. However, this should never be done, otherwise this information will go to the cybercriminals,” comments Roman Dedenok, a cybersecurity expert at Kaspersky.

To avoid becoming a victim of such phishing attacks, Kaspersky recommends that users do not trust emails from unknown mailboxes, especially when it comes to confidential data, financial transactions and suspicious attachments, even if it visually looks like the email came from an organization with a good reputation. Kaspersky also recommends that companies install a reliable security solution that will automatically send such emails to spam, such as Kaspersky Secure Mail Gateway, and also regularly conduct cybersecurity training for employees, teaching them how to recognize social engineering techniques, for example, using the Kaspersky Automated Security Awareness Platform.

Related posts

ESET Releases Latest APT report: China-Aligned Groups Expand Targeting; Iran Advances Diplomatic Espionage

Enterprise IT World MEA

SAS Acquires Hazy Synthetic Data Software

Enterprise IT World MEA

Alteryx Announces Streamlined Enhancements for Hybrid Analytics Processes and Workflows

Enterprise IT World MEA

Leave a Comment