Brian Krebs just posted the following alert: “Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else.”
Here’s a look at a recent phishing campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.
On or around May 12, at least two antivirus firms began detecting booby-trapped Microsoft Word documents. The template was part of a phishing kit being traded on the underground, and the user of this kit decides which of the options in brackets actually get used in the phishing message.
Yes, the spelling/grammar is poor and awkward (e.g., the salutation), but so is the overall antivirus detection rate of the attached malicious Word document. This phishing kit included five booby-trapped Microsoft Word docs to choose from, and none of those files are detected as malicious by more than three of the five dozen or so antivirus products that scanned the Word docs on May 22, ten whole days after they were spammed out.
According to both Fortinet and Sophos, the attached Word documents include a trojan that is typically used to drop additional malware on the victim’s computer. Previous detections of this trojan have been associated with ransomware, but the attackers in this case can use the trojan to install malware of their choice.
Also part of the phishing kit was a text document containing some 100,000 business email addresses. If only a tiny fraction of the recipients of this scam were unwary enough to open the attachment, it would still be a nice payday for the phishers.
The law firm domain spoofed in this scam — wpslaw.com — now redirects to the Web site for RWC LLC, a legitimate firm based in Connecticut. A woman who answered the phone at RWC said someone had recently called to complain about a phishing scam, but beyond that the firm didn’t have any knowledge of the matter.
As phishing kits go, this one is pretty basic and not terribly customized or convincing. But I could see a kit that tried only slightly harder to get the grammar right and more formally address the recipient doing quite well: Legitimate-looking legal threats have a way of making some people act before they think. Full article with phishing template and links:
No tags for this post.
Based Blockchain Network