Phishing attacks thrive in chaos, and there is certainly no shortage of turmoil right now. I wanted to share with you some of the leading threats SilverSky’s Threat Intelligence Team has identified, as well as a threat reported in a recent news article.

Since phishing campaigns generally rely on emotions like confusion, urgency, and fear, it isn’t surprising that attackers continue to take advantage of the COVID-19 pandemic and the anxiety surrounding the upcoming US presidential election. 

The following is a summary of what we are seeing out there right now. For more detailed information and malicious email observations over time, I invite you to access our Malicious Email Report Library.

Emotet Spear-Phishing Campaign Leverages Presidential Election Anxiety

Emotet, by far today’s largest malware botnet, has triggered multiple security alerts this month in countries such as France, Japan, New Zealand, and the US. The emails contain links and attachments with fake documents such as invoices, shipping information, CVs, financial documents, scanned documents, or information on COVID-19.

Additionally, SilverSky’s Threat Intelligence Team observed Emotet’s presence as attackers take advantage of the anxiety surrounding the US elections. We spotted a new spam campaign pretending to be from the Democratic National Convention’s (DNC) Team Blue initiative. Emotet’s primary goal is to convince recipients to open the attached malicious document. Once the attachments are opened, and macros enabled, the malware will be installed and executed on the user’s machine. 

Directly after the first Presidential debate, the threat actors behind Emotet, mainly known as TA542, executed a new spam campaign pretending to be from the DNC asking for volunteers to help Democrats get elected. SilverSky’s Threat Intelligence Team also very recently discovered a few Emotet emails containing the keywords “County” and “Administration” in the subject line, linking the messages to the county offices that handle voting processes like registration, voting, and counting ballots.

Voter Registration ‘Error’ Phishing Attack

Similar to election-related phishing campaigns seen by SilverSky, other stories related to voter registration have been reported. Further leveraging election anxiety, these phishing emails tell recipients that their voter registration applications are incomplete, ultimately aiming to steal Social Security numbers, dates of birth, driver’s license data, and more.

The emails look as if they were sent by the US Election Assistance Commission, an independent government agency that serves as an election administration information resource. The email contains a URL leading to a spoofed web page aiming to capture the above-mentioned personal data. The emails’ subject line and body include wording like “voter registration”. 

This campaign uses a classic but effective social engineering tactic. An urgent problem is shared with the recipient, and they must share personal information to correct the issue. [1]

https://silversky.com/malicious-email-activity-report-library/

Return of Amazon Phishing Scam

Of course, online shopping has increased a great deal during the pandemic. Therefore, it is not surprising that our Threat Intelligence Team has tracked an increase in phishing campaigns targeting Amazon customers. One of the malicious emails contains the subject line “You are receiving this email because you are an Amazon customer.”  The sender’s address impersonates Amazon with the address of <account-update@amazon[.]co[.]jp> to look genuine. The link within the email redirects to a fake Amazon login page hosted on a [.]xyz TLD domain. 

Always look for spelling or grammatical errors. It is also essential to note that Amazon does not use email to request customers’ confidential information like a PIN, credit card number, security code, or bank account information.

FedEx-Themed Dridex Malspam

FedEx is the latest lure used by cybercriminals to spread Dridex in a worldwide campaign. Our Threat Intelligence Team has discovered new malspam attacks that use a fake invoice with a zipped archive file or Excel file attached. Once the attachment is opened, the file communicates with command and control (C2) servers and immediately downloads a DLL.

The user’s machine is then infected with the malware (Dridex), which specializes in stealing bank credentials. The emails have subject lines beginning “Fedex Tracking Number,” followed by a random reference number, purport to come from FedEx <no-reply[@]fedex[.]com>, and claim that the parcel has just arrived. SilverSky’s Threat Intelligence Team uncovered another email with an “Invoice Ready for Payment” subject line in this campaign.
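As an added illustration (not SilverSky’s code), the example below turns the Amazon and FedEx lure traits described above into mail-triage checks: a message whose sender claims a brand while its links leave that brand’s domains, and a FedEx-themed subject paired with a zip or Excel attachment. The function names, the brand-domain allowlist, and the sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allowlist of domains each impersonated brand really uses (extend locally).
BRANDS = {"amazon": ("amazon.com", "amazon.co.jp"), "fedex": ("fedex.com",)}
FEDEX_SUBJECTS = ("fedex tracking number", "invoice ready for payment")
RISKY_ATTACHMENTS = (".zip", ".xls", ".xlsx", ".xlsm")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def on_domain(host, domains):
    """True only for a listed domain or its subdomains, not look-alike prefixes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = (msg["Subject"] or "").lower()
    sender_host = parseaddr(msg["From"] or "")[1].rpartition("@")[2]
    findings, texts, names = [], [], []
    for part in msg.walk():
        if part.get_filename():
            names.append(part.get_filename().lower())
        elif part.get_content_maintype() == "text":
            texts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    links = [urlparse(u).hostname or "" for u in URL_RE.findall("\n".join(texts))]
    for brand, domains in BRANDS.items():
        # The From address can be forged, so treat it only as the brand being claimed.
        if on_domain(sender_host, domains):
            bad = sorted({h for h in links if h and not on_domain(h, domains)})
            if bad:
                findings.append(f"{brand}-sender-link-mismatch:{','.join(bad)}")
    # Subject prefixes from the report, combined with an archive or Excel attachment.
    if subject.startswith(FEDEX_SUBJECTS) and any(n.endswith(RISKY_ATTACHMENTS) for n in names):
        findings.append("fedex-lure-with-risky-attachment")
    return findings

# Constructed samples; the .example host stands in for the fake login page's domain.
AMAZON_SAMPLE = ("From: Amazon <account-update@amazon.co.jp>\n"
    "Subject: You are receiving this email because you are an Amazon customer.\n\n"
    "Confirm your account: http://signin.shop-verify.example/ap/login\n")
FEDEX_SAMPLE = ("From: FedEx <no-reply@fedex.com>\nSubject: Fedex Tracking Number 0000000000\n"
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nYour parcel has just arrived.\n--b\nContent-Type: application/zip\n"
    'Content-Disposition: attachment; filename="Invoice.zip"\n\nAAAA\n--b--\n')
if __name__ == "__main__":
    print(triage(AMAZON_SAMPLE), triage(FEDEX_SAMPLE))
```

Because both lures use a genuine-looking sender address, the checks key on where the links and attachments lead rather than on the From header alone.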

To learn more about the cyberattacks observed every month, we encourage you to access our Malicious Email Attack Report Library. As always, if SilverSky can help you better protect your digital estate from phishing attacks and cybersecurity threats at large, don’t hesitate to contact us.

 

Sources:

  1. “Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy,” Lindsey O’Donnell, Threat Post, October 2, 2020
