Kaspersky experts detected intensified scam activity in which cybercriminals tried to steal corporate email credentials by mimicking messages from a well-known logistics company. Attackers targeted organisations in various countries, including Russia, Pakistan, Algeria, Saudi Arabia, Mexico, Egypt, Kuwait, Oman, Brazil, and Kenya. In June 2024, Kaspersky solutions detected almost 500 emails as part of this phishing campaign.
What does the scheme look like?
In the phishing emails, cybercriminals report a planned delivery that, according to them, should arrive at the port of unloading at the agreed time. The attachment contains a link, supposedly to a PDF file that, according to the attackers, contains an invoice and other important documents. The fake email is signed by the customer service of a large international logistics company. It follows the conventions of business correspondence, and the logo is identical to the original, so the message can easily be mistaken for a real email. If the recipient opens the document, they are automatically redirected to a phishing page. There, in order to view the confidential documents, they are asked to authorise by entering the login and password for their corporate email. In fact, the credentials are leaked to the cybercriminals.
What next?
With access to email accounts, attackers can obtain other confidential corporate information stored in correspondence, such as invoices, contracts, and information about internal processes in the company. They can then resell this data to interested parties, use it for blackmail, or carry out further attacks on the enterprise.
"Attackers often disguise phishing mailings as business correspondence. You need to be very careful with how you manage any online resources, especially where you are asked to enter credentials or other confidential information. When receiving emails from supposedly verified large companies, first of all, think about whether the information enclosed in the email is relevant and check with colleagues from other departments. This scheme may be aimed at those employees who are not directly involved in organising the delivery and receipt of goods and are not aware of the details and are only responsible for verifying documents. Carefully read all electronic letters where you are asked to enter confidential data," comments Roman Dedenok, a security expert at Kaspersky.
To avoid becoming a victim of phishing attacks, Kaspersky recommends that users do not trust emails from unfamiliar mailboxes, especially when they concern confidential data, monetary transactions, or suspicious attachments, even if they look like they came from a reputable organisation. Companies should install a reliable security solution that automatically sends such emails to spam, such as Kaspersky Secure Mail Gateway, and regularly conduct cybersecurity training for employees to teach them to recognise social engineering techniques, for example using Kaspersky Automated Security Awareness Platform.