Online security researchers have uncovered an email phishing attack that steals private financial data through an online quiz.
Victims are lured in to take the online quiz with the promise of receiving coupons after taking it.
The phishing scheme supposedly sent more than 550 million emails in the first three months of this year – targetting users from the US, UK, France, Germany, the Netherlands, among others.
First spotted in January, the phishing emails come in the form of legitimate messages from popular brands in their locale, offering coupons as a reward for taking the quiz or joining a contest.
The emails came in the form of communications from online streaming services, pharmacy brands, telco operators, and more. Some emails even came in the country’s local language.
As the researchers looked deeper into the operations of the phishing campaign, they saw something more troubling.
The campaign used legitimate servers, IP addresses, and domain names – even using tools that shortened the links they sent and that concealed their landing pages.
Security experts believe that a cybercriminal organisation is behind this phishing campaign
This lead the research team to believe that a more serious criminal organisation was behind the campaign as its operating costs alone could be in the tens of thousands of dollars.
On top of this, the techniques employed in the campaign bypassed a number of existing email security tools – adding to the email phishing campaign’s sophistication.
These types of advanced threats are routinely getting through traditional email security products, and despite all the news surrounding malware, phishing attacks are still more prevalent and more dangerous to consumers and corporations.
As consumers, we can follow a couple of tips on our own to safeguard ourselves from these ever-evolving phishing threats:
• Double check emails you receive, even those from familiar brands you patronise.
• Your bank, phone provider, or other utilities you use will never ask your private data through email. Never give your information through this means.
• Do not click on email links that seem suspicious or too good to be true. If it seems fishy, it’s best to just delete it.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.