19 min read

2022 Year In Review

By WMC Global Threat Intelligence Team on 1/31/23 1:51 PM

The WMC Global Threat Intelligence Team observed a noticeable escalation in targeted and sophisticated phishing campaigns throughout 2022, with a surge in SMS phishing and a decrease in campaigns featuring large corporations. Threat actors began to shift their focus to developing smish-to-vish campaigns campaigns where threat actors use phone numbers in SMS messages as opposed to link-based phishing. In 2022, we also finally saw a move away from Covid-19 phishing lures as pandemic-related government funds and support stopped. Several new threat actors made an appearance in 2022 with prolific and novel campaigns explored below targeting banks and big name brands.

The latest US trend has seen threat actors moving from generic, wide-reaching phishing attacks using major banks as lures to targeted attacks featuring small credit unions. Although customers of financial institutions are the most common mark, there was a jump in threat actors specifically targeting credit union customers throughout the US, whereas in the UK a prevalent phishing campaign took advantage of the government-backed energy rebate scheme as energy prices peaked at an all-time high. As expected, big brands like Microsoft, Apple, Netflix, and PayPal were still targeted regularly throughout the year. 

Topics: SMS Attack Phishing Phishing Kit Microsoft Office 365 Banking Hermes Courier Scam Food Delivery Service Phishing SMS Phishing Just Eat Uber Eats Credential Phishing Food Delivery App Phishing package delivery scam
12 min read

Microsoft Office 365 Voicemail Phishing Attack

By WMC Global Threat Intelligence Team on 12/9/21 10:00 AM

On December 1st, WMC Global encountered a large-scale email phishing campaign targeting Microsoft Office 365’s voicemail functionality. The email subject, “Voiceᴍᴀɪʟ,” uses several Latin characters in an attempt to bypass email filtering systems. The attack was live until December 4th. 

Topics: Phishing Phishing Kit Threat Intel Microsoft Office 365 Voicemail Voice Victim File Passwords
16 min read

The Compact Campaign

By WMC Global Threat Intelligence Team on 3/4/21 12:27 PM

SuMMARY

Phishing campaigns continue to utilize the disruption of the pandemic to target victims, and a new campaign takes advantage of Zoom's rising popularity. Since December, the "Compact" Campaign has been targeting thousands of users by impersonating a Zoom invite and is estimated to have collected over 400,000 Outlook Web Access and Office 365 credentials. This campaign is unique in its use of trusted domains to ensure delivery of phishing emails and preventing phishing pages from being blocked. This is especially worrisome for organizations who will struggle to defend against this attack.

Topics: Phishing Phishing Kit Data Exfiltration Microsoft Office 365 Zoom
2 min read

Office 365 Phishing Uses Image Inversion to Bypass Detection

By WMC Global Threat Intelligence Team on 11/4/20 9:00 AM

Many detection engines crawl websites and follow links to determine whether a website is malicious or masquerading as another. The difficulty threat actors face combatting these advanced technologies is that their phishing websites must bypass the detection engine, while simultaneously gaining a victim’s trust by displaying images and themes that mimic the targeted website.

Topics: Phishing Microsoft Office 365 Image Inversion