Emails that employees could fall for


In the technology sector, Microsoft stands out as one of the most frequently impersonated brands. Scammers commonly pose as Microsoft employees or affiliated vendors, deceiving email recipients.

According to the latest research findings from Harmony Email & Collaboration, this trend is accelerating. Across the past month, cybersecurity researchers have caught over 5,000 emails masquerading as Microsoft notifications. The emails utilize exceptionally sophisticated obfuscation techniques, rendering it nearly impossible for users to distinguish them from legitimate communications.

The business implications are significant, as email compromise could lead to email account takeover, ransomware, information theft, or other negative outcomes.

Cybersecurity researchers have caught emails masquerading as Microsoft notifications utilizing exceptionally sophisticated obfuscation techniques, rendering it nearly impossible for users to distinguish them from legitimate communications. CONTRIBUTED PHOTO

What’s happening?


The fake Microsoft emails don’t originate from private or unknown domains, which would be an obvious clue that they are potential threats. Instead, they appear to come from organizational domains, impersonating legitimate administrators.

The main portion of a given email will typically include a fake login page or portal, where malicious content may be hidden. An unsuspecting user can easily click on this and input sensitive information or download a threat.

To hide the malicious intent of these emails, cybercriminals are deploying sophisticated obfuscation techniques. Some emails include copied-and-pasted Microsoft privacy policy statements, contributing to an authentic “look and feel.”

Other emails have links to Microsoft or Bing pages, making it even more challenging for traditional security systems to recognize and mitigate these threats effectively.
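As an added illustration of the indicators described above (not code from the article or from the researchers it cites), the following Python script triages one raw email the way a mail-security analyst would: it checks whether a message that claims the organization's own domain actually passed DMARC, and lists every link whose host is neither a Microsoft property nor the organization itself, so that a single fake login link hiding among genuine Microsoft links stands out. The trusted-host list, the example.com organization domain and the sample message are all constructed assumptions for this example.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that a genuine Microsoft notification may legitimately link to. This list
# is an assumption made for the example; a real deployment would derive it from
# its own mail telemetry rather than hard-code it.
TRUSTED_LINK_HOSTS = ("microsoft.com", "microsoftonline.com", "bing.com")


class _LinkCollector(HTMLParser):
    """Collects every href from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def _under(host, parents):
    """True if host equals, or is a subdomain of, one of the given parents."""
    return any(host == p or host.endswith("." + p) for p in parents)


def parse_auth_results(header):
    """Extract method=verdict pairs (spf, dkim, dmarc) from Authentication-Results."""
    verdicts = {}
    if not header:
        return verdicts
    text = " ".join(str(header).split())          # unfold and collapse whitespace
    for clause in text.split(";")[1:]:            # clause 0 is the authserv-id
        method, sep, rest = clause.strip().partition("=")
        if sep and rest:
            verdicts[method.strip().lower()] = rest.split()[0].lower()
    return verdicts


def triage(raw_message, org_domain):
    """Return sender, authentication verdicts, link list and warning flags for one email."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, sender = parseaddr(str(msg["From"] or ""))
    from_domain = sender.rpartition("@")[2].lower()
    auth = parse_auth_results(msg["Authentication-Results"])

    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    if body is not None:
        collector.feed(body.get_content())

    untrusted = []
    for link in collector.links:
        host = (urlparse(link).hostname or "").lower()
        if not _under(host, TRUSTED_LINK_HOSTS + (org_domain,)):
            untrusted.append(link)

    flags = []
    # A message claiming the organization's own domain must pass DMARC; if it
    # does not, the sender is being impersonated rather than merely external.
    if from_domain == org_domain and auth.get("dmarc") != "pass":
        flags.append("spoofed_org_sender")
    # Links to genuine Microsoft pages do not make the message safe: one
    # untrusted link next to several trusted ones is the pattern to watch for.
    if untrusted:
        flags.append("untrusted_link")

    return {
        "from_domain": from_domain,
        "auth": auth,
        "links": collector.links,
        "untrusted_links": untrusted,
        "flags": flags,
    }


# Constructed sample message for the example (not a real captured email).
SAMPLE_EMAIL = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;
 dkim=none; dmarc=fail header.from=example.com
From: "IT Administrator" <admin@example.com>
To: user@example.com
Subject: Action required: verify your Microsoft 365 password
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today.
<a href="https://login-verify.example-portal.net/signin">Keep current password</a></p>
<p>Read the <a href="https://www.microsoft.com/privacy">Microsoft Privacy Statement</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL, "example.com").items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the script reports that the message claims example.com but failed DMARC, and that of its two links only the one pointing at the external "login" host is untrusted; the genuine Microsoft privacy link is exactly the kind of decoy the article describes and is not treated as evidence of legitimacy.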

In the email, a cybercriminal has spoofed a Microsoft email and also impersonated an organization’s business administrator, sending a (fake) email on the administrator’s behalf. The email looks believable.

In particular, the style of the email is so duplicative of what users generally receive that a given user would have no reason to flag it. The language is perfect. The style is familiar. The graphics look impeccable. So, what should organizations do?

Mitigations

There are measures that organizations can take to sidestep these email-based threats. They include:

User awareness training. This requires a mention, although generative AI-based text means that users can no longer rely on grammatical errors and stylistic inconsistencies as primary indicators of social engineering.

AI-powered email security. This stops the full spectrum of inbox incursions. AI-powered email security tools leverage behavioral analysis and machine learning in order to prevent email spoofing, phishing, BEC threats and more.

Software patching. Organizations should keep all software up to date, so as to prevent cybercriminals from exploiting bugs that could allow for easy email spoofing or disruption.

Cryptocurrency drainer

Check Point Research uncovered a new malicious crypto drainer app on Google Play designed to steal cryptocurrency. It is the first time a drainer has targeted mobile device users exclusively; the app used modern evasion techniques to avoid detection and remained available for nearly five months before being removed.

Using advanced social engineering, posing as a legitimate tool for Web3 apps, the attackers exploited the trusted name of the WalletConnect protocol, which connects crypto wallets to decentralized apps. The scheme led to the theft of around $70,000 in cryptocurrency from victims.

Fake positive reviews, combined with the most modern crypto drainer toolkit, manipulated search rankings and helped the app reach over 10,000 downloads.

As digital assets become increasingly popular, so do the risks that come along with them. Despite improvements in cryptocurrency wallet security and growing user awareness of the dangers, cybercriminals continue to find increasingly sophisticated ways to deceive users and bypass security measures.

Crypto drainers, which are malware designed to steal crypto assets, have become a popular method for attackers. Using phishing websites and apps that mimic legitimate cryptocurrency platforms, attackers fool users into authorizing an illegitimate transaction, which allows the drainer to execute the transfer of digital assets to the perpetrators.

For the first time reported, these malicious tactics have also extended to mobile devices. Check Point Research (CPR) identified an application called WalletConnect on Google Play that leveraged a crypto drainer to steal users’ assets.

Mimicking the legitimate Web3 open-source protocol WalletConnect, the malicious app, using advanced social engineering techniques and technical manipulation, deceived users into believing it was a safe way to transfer cryptocurrency.

First uploaded to Google Play in March 2024, the app went undetected for over five months using evasion techniques and was installed over 10,000 times, stealing over $70,000 in cryptocurrency from unsuspecting victims.
