A Microsoft study shows that the threat actors behind the campaign carefully planned the entire operation. In the end, though, all that planning went to waste because of how the scam was carried out.
For their campaign, the attackers registered typo domains for more than 120 different organizations to impersonate real businesses, either by using the wrong domain name or by slightly changing the spelling of the business.
But when they sent the actual phishing email, the registered domain the email came from did not always match the organization the email claimed to come from. Imagine a Microsoft employee asking you to buy gift cards for Google employees.
The researchers report that this campaign targeted a number of companies in the consumer goods, process industry and agriculture, real estate, separate manufacturing and expert services sectors.
The initial phishing email usually contained a very vague request, and the body of the message included a few details related to the item to make the email look legitimate.
If the recipient responded to the email, the attacker responded with a request to purchase a gift card.
In some cases, Microsoft researchers found that the attackers went straight to the gift card request, using fabricated replies to add legitimacy to their emails.
In the fake replies, the threat operator included the original message in the email body and began the subject line with “Re:”, giving the impression that the attacker was merely responding to an existing email chain.
Also, unlike regular phishing scams, the operators behind this campaign took the extra step of falsifying the In-Reply-To and References headers of the phishing emails to add extra legitimacy to them.
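A defender can test the fake-reply trick described above by checking whether the thread headers point at a message the mailbox has ever seen. The following is an added example, not code from the Microsoft report; the function names, finding labels, the `known_ids` set (Message-IDs exported from the recipient's mail store) and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string

MSG_ID = re.compile(r"<[^<>\s]+>")

def referenced_ids(msg):
    """Collect every Message-ID named in In-Reply-To and References."""
    ids = set()
    for header in ("In-Reply-To", "References"):
        for value in msg.get_all(header, []):
            ids.update(MSG_ID.findall(str(value)))
    return ids

def check_reply(raw, known_ids):
    """Return findings for a message that presents itself as a reply.

    known_ids is an assumption of this example: the Message-IDs the
    mailbox really sent or received, exported from the mail store.
    """
    msg = message_from_string(raw)
    subject = str(msg.get("Subject", "")).strip().lower()
    refs = referenced_ids(msg)
    findings = []
    # "Re:" subject but no thread headers at all: a hand-typed reply prefix.
    if subject.startswith("re:") and not refs:
        findings.append("reply-subject-without-thread-headers")
    # Thread headers present but none match a message we have ever seen.
    if refs and not (refs & known_ids):
        findings.append("thread-headers-reference-unknown-message")
    return findings

# Constructed sample data (reserved .example domains, not from the report).
KNOWN_IDS = {"<sent-001@corp.example>"}

def sample(thread_id=None):
    """Build a constructed 'reply' whose thread headers name thread_id."""
    lines = ["From: Boss <boss@c0rp.example>", "To: user@corp.example",
             "Subject: Re: Quick request", "Message-ID: <m2@c0rp.example>"]
    if thread_id:
        lines += [f"In-Reply-To: {thread_id}", f"References: {thread_id}"]
    return "\n".join(lines) + "\n\nAre you available? I need gift cards.\n"

if __name__ == "__main__":
    for tid in ("<sent-001@corp.example>", "<m1@c0rp.example>", None):
        print(tid, "->", check_reply(sample(tid), KNOWN_IDS))
```

A finding here is a signal to combine with sender-domain checks, since a legitimate reply to a message that has since been purged from the mail store would also reference an unknown Message-ID.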