New Phishing Campaign Using Variations of Attack Patterns To Avoid Detection

Phishing Campaign Veiled As Paid Invoice

Cyber Security researchers have revealed about a new malware campaign going on in the wild. The phishing campaign adopts inconsistent attack patterns to evade detection.

As explained, this phishing campaign is like any other typical phishing attack, beginning with an email. However, the ever-changing attack patterns can circumvent email security tools to reach the target user’s inbox. The email masks itself as a payment confirmation to trick users.

The content of the email includes a malicious URL that automatically downloads a Word template on the victim’s device. This MS Word file carries the Trojan.

To bluff users, the attackers use legit email addresses of compromised accounts. Whereas, the email content includes near-valid details, such as the name of a fellow employee of the victim as the sender, subject lines that hint of a payment invoice, and email content designed as an invoice. Nonetheless, the underlying language of the email may evade detection tools.

Inconsistent Attack Patterns for Trojan Delivery

According to the findings, the new phishing campaign follows ever-changing attack patterns. Thus, it becomes difficult to spot spam emails right away.

As observed, the subject line of the email may usually carry words likes “receipt” or “payment”. Whereas, the attackers may either use a different email address with a valid employee’s name of the target firm or may use a valid compromised email account of the firm with an arbitrary name.

The researchers observed three different variants of the attack on the same day at different times. This shows the creativity of the attackers to evade identification and subsequent blocking.

So, once again, the entire responsibility of staying protected from such phishing attacks falls on the shoulders of the users.

A few days ago, we have heard of at least three other phishing campaigns exploiting Facebook Login Pages, LinkedIn direct messages by sending fake job offers as well as Microsoft Office tech support phishing. The new era of fishing techniques and hackers are growing in complexity and professionalism tricking even sophisticated users.

What Can You Do To Avoid This?

Always check the URL (Domain Name) of the link you are being directed to click. It will never be a real facebook.com or linkedin.com URL, the scammers will use variants that look extremely similar so that unaware users simply do not notice.