19 min read

2022 Year In Review

By WMC Global Threat Intelligence Team on 1/31/23 1:51 PM

The WMC Global Threat Intelligence Team observed a noticeable escalation in targeted and sophisticated phishing campaigns throughout 2022, with a surge in SMS phishing and a decrease in campaigns featuring large corporations. Threat actors began to shift their focus to developing smish-to-vish campaigns campaigns where threat actors use phone numbers in SMS messages as opposed to link-based phishing. In 2022, we also finally saw a move away from Covid-19 phishing lures as pandemic-related government funds and support stopped. Several new threat actors made an appearance in 2022 with prolific and novel campaigns explored below targeting banks and big name brands.

The latest US trend has seen threat actors moving from generic, wide-reaching phishing attacks using major banks as lures to targeted attacks featuring small credit unions. Although customers of financial institutions are the most common mark, there was a jump in threat actors specifically targeting credit union customers throughout the US, whereas in the UK a prevalent phishing campaign took advantage of the government-backed energy rebate scheme as energy prices peaked at an all-time high. As expected, big brands like Microsoft, Apple, Netflix, and PayPal were still targeted regularly throughout the year. 

Topics: SMS Attack Phishing Phishing Kit Microsoft Office 365 Banking Hermes Courier Scam Food Delivery Service Phishing SMS Phishing Just Eat Uber Eats Credential Phishing Food Delivery App Phishing package delivery scam
7 min read

Evri- UK Package Delivery Scam

By WMC Global Threat Intelligence Team on 5/19/22 10:21 AM

Threat actors have found continuous success using package delivery services as SMS phishing lures since the start of the COVID-19 pandemic and package delivery phishing attacks are the number one harvester of credit cards that WMC Global is currently seeing. Scammers now gravitate towards any new courier as a lure because of the sheer effectiveness of the campaigns. These lures are often used to perform call back scams but consumers get wise to the same attack content, resulting in threat actors needing to diversify and increase their portfolio of campaigns. Introducing Evri, the latest UK courier company to be heavily targeted and brand abused for credential phishing attacks. 

Topics: Covid SMS Attack Phishing Kit Threat Intel Banking Courier Scam SMS Phishing Credential Phishing package delivery scam
2 min read

Phishing for Finance - Akamai x WMC Global SOTI Report

By WMC Global Threat Intelligence Team on 5/19/21 3:00 PM

Cloud and enterprise security leader Akamai has partnered with WMC Global researchers to release their State of the Internet report focusing on phishing in the financial services industry. We have included key excerpts below and access the full report HERE.

HIGHLIGHTS

  • In 2020, there were 193 billion credential stuffing attacks globally, with 3.4 billion of them in the financial services space, representing a 45% growth over 2019.
  • The number of web attacks targeting the financial services industry grew by 62%. Akamai observed 736,071,428 web attacks recorded against financial services in 2020. What was the number one web attack type targeting financial services? Local File Inclusion (52%), followed by SQL Injection (33%) and Cross-Site Scripting (9%). 
  • An API used by the Ex-Robotos phishing kit, which targets corporate credentials, logged more than 220,000 hits over 43 days, with peaks in the first week of February 2021 reaching tens of thousands per day.

     

FINANCIAL PHISHING

Over the past several years, phishing has remained a constant variable in many of the data breaches and security incidents that have dominated the headlines. Criminals have dedicated a good deal of energy and resources toward advancing the phishing economy on a regular basis. Gone are the days of basic cloned websites. Today, phishing is a turnkey business, even offered as a hosted solution for criminals who wish to leverage phishing-as-a-service developments.

As phishing attacks and kit development started to advance, defenders realized that usernames and passwords alone were not enough. To combat the phishing onslaught and other password-based attacks, defenders turned toward multi-factor authentication (MFA) and two-factor authentication (2FA) to help augment basic passwords. While 2FA is a subset of MFA, both provide the means of a second type of authentication, such as a PIN or one- time password (OTP). Often, 2FA is associated with SMS-based OTPs, whereas MFA is associated with authenticators, like Google Authenticator.

Fast-forward to today — the criminals have evolved. This change includes elements that target 2FA and MFA protections, where victims are tricked into filling out their OTP or revealing it to the threat actor during a conversation.

In this report, WMC Global and Akamai present research related to threat actors and the phishing kits being used to target the financial services industry, or people within it. One relatively new threat actor poses a serious threat to the financial services industry in the UK, with the development of dynamic phishing kits that effectively bypass secondary methods of authentication.

Topics: Phishing finance Banking
6 min read

Kr3pto Puppeteer Kits: Dynamic Phishing Kit Targeting UK Banking Customers

By WMC Global Threat Intelligence Team on 12/16/20 10:00 AM

At WMC Global, we are tracking a threat actor who goes by the alias "Kr3pto," a phishing kit developer who builds and sells unique kits targeting UK financial institutions amongst other brands.

Topics: Phishing Kit finance Kr3pto Banking Puppeteer Kit Multi-Factor Authentication
4 min read

Bank of Guam Phishing Campaign Analysis

By WMC Global Threat Intelligence Team on 10/30/20 1:00 PM

Topics: Phishing Phishing Kit Banking 2FA Bank of Guam Two-Factor Authentication