Not so long ago we have told you about a clever phishing technique that leverages Word attachments to infect victims via a sextortion campaign.
Today we announce you that things have evolved, our cybersecurity researchers have just reported that a new sextortion campaign is undergoing.
This huge phishing campaign that has been going on since last two weeks, involves two tricky techniques that are using fake online credit card paying pages or fake online bank account login screens that impersonate the real ones.
Nowadays everyone should keep a vigilant eye on their mobile devices and laptops, which now represent an effective attack vector, and will continue to rise on the cyberspace in the next years.
In these campaigns when users open the phishing email on a mobile device or laptop, it looks like it’s a form of credit card request or bank account log-in screen. Once a user becomes a victim and hands the sensitive data to scammers here comes the most surprising and new twist: scammers will not steal money from their accounts or credit cards like they usually do, instead they will try to contact the victim through a messenger application like Whatsapp.
Here are some screenshots of last spotted conversation with this kind of scam artist:
If they succeed to reach the victim and start a conversation with he or she, they will try to scare them by telling they have a video and other proofs of them watching pornographic materials.
After the fear is installed they will demand money in crypto coins from the fooled victim in order to not share the sensitive contents on their public social networks profiles. If the victim doesn’t comply with the requests or it doesn’t believe them, scammers will send the victim their personal credit card details or paying statements from the hijacked bank accounts that the victim has made on different pornographic sites, if they exist.
Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Our researchers say that by looking at last year analytics we can see that mobile phishing attacks are on the rise, and largely focuses on consumer-side attacks.
This new campaign is a big deal for hackers because access to a user’s sensitive contents like bank accounts or credit card details can give them a jackpotting opportunity; just imagine the money they can sextort if the user is a CEO or CFO of a big company.
The conclusion is this: phishing cyber attacks have increased significantly. In order to be safe and secured on any kind of device take this example: if a mail/browser asks for your password or any other private/sensitive data, assume you are getting tricked!
Users should also be suspicious of emails that drive a sense of urgency, that ask the user to bypass standard procedures and common sense.
We would continue to monitor these cybersecurity problems. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company network, tests like this include: penetration testing and ethical hacking.
Scan your Mac NOW with CyberByte Antivirus for Mac to check if YOU are infected!
Get your CyberByte™ Antivirus copy from Apple AppStore
CyberByte™ – part of CSD Cyber Smart Defence group of companies
Your Safety is Our Mission!
The anatomy of a Phishing Kit