“The goal is to convince consumers to register or log into what they think is their real Amazon or Walmart account in order to receive a gift card. Sadly, no gift card or bonus bucks will be received, but instead consumers end up surrendering their account credentials — which can lead to all types of destructive behavior,” Barracuda Networks researchers warn.
The new report from Barracuda Networks Inc. out today showcases real examples of phishing emails offering time-sensitive gift cards and huge discounts impersonating brands such as Amazon.com Inc., Wal-Mart Stores Inc., Kohl’s Corp., Luxottica Group SpA’s Ray-Ban sunglasses and Michael Kors Holdings Ltd. Although Barracuda investigated a number of leading brands, the report noted that the names of the brands the attackers are impersonating are less important than the tactic, since criminals can quickly change the name of the brand and launch new mass phishing scams.
As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.
For retail security professionals, Black Friday has become synonymous with long lines and short tempers as shoppers converge on brick-and-mortar stores looking for the best deals. But while the annual day after Thanksgiving shopping bonanza remains a significant challenge from a physical security perspective, it appears that many fraudsters have shifted their focus from in-store schemes to online scams as consumers increasingly turn to e-commerce as a way to save both time and money during the busy holiday season.
Research by Barracuda shows that attackers are hijacking names like Amazon, Walmart, Kohl’s, Ray-Ban and Michael Kors, in some cases offering up to 80% off products and services. In the case of Amazon, the attacks contain gift card scam emails. The scammers are also mimicking brick-and-mortar stores such as Walmart and Kohl’s.
Finance workers are seeing a wave of phishing attacks that send victims a link to a fake invoice that appears to come from a trusted party, according to a new threat spotlight report from security firm Barracuda Networks. These emails don't usually appear to be out of the ordinary, and guide the recipient to click on a link to an invoice. The sender's name is carefully chosen by the attackers to be someone the recipient knows and trusts.
“The message itself doesn’t seem out of the ordinary, but the included link should raise a red flag,” writes Lior Gavish, VP of content security services at Barracuda. “The entire goal for this attempt is to get the recipient to click on the link, and the criminals have done a decent job of subtly placing the link within the message.”
This is a throwback to the old invoice scams sent by direct mail. An accountant in a company would get an invoice — usually for a modest amount — and pay it without questioning it.
A wave of cyberattacks is targeting organisations' financial departments with a social engineering and phishing campaign designed to trick victims into downloading credential-stealing malware and other threats. Detailed by researchers at Barracuda Networks, the invoice impersonation attacks aim to persuade the victim that the messages are from trusted sources, or to act on impulse -- planting the idea that the target has lost money is a common tactic in phishing emails, as it creates panic for the user.
The most recent evolution in social engineering involves multiple premeditated steps. Cybercriminals hunt their victims instead of targeting company executives with a fake wire fraud out of the blue. They first infiltrate their target organization from an administrative mail account or low-level employee, then use reconnaissance and wait for the most opportune time to fool the executive by initiating an attack from a compromised mail account. Here are the abbreviated steps commonly taken in these spear phishing attacks and solutions to stop these attackers in their tracks.
Many real estate professionals have become keenly aware of targeted wire fraud scams that include email impersonation tactics. A growing avenue cyber criminals are using to get highly sensitive financial data is known as spear phishing, according to Asaf Cidon, vice president of content security for Barracuda Networks, a data protection company.