Hacking trends you need to know about
Home security cameras, Slack and delayed delivery messages have all become increasingly popular phishing strategies for cyberattacks, writes Liron Barak of BitDam
We are all familiar with phishing attacks through email, aiming to steal personal information, credit card details, passwords and identities. But besides these well-known techniques there are also new phishing strategies you might not notice at first glimpse that are becoming increasingly popular. These cyberattacks have been detected in the past couple of weeks in Israel, Europe and the United States, threatening users despite their regular security and anti-virus measures.
1. A delayed delivery cyber attack: Getting a message or an email from DHL, UPS, or Israel Postal Company can be a clever trap. Hackers use this method to make people share their credit card details, claiming that paying a small fee will allow the package to be delivered as scheduled. In fact, this is exactly what happened to me. I received a text message from DHL about a package that is delayed by the Israeli Tax Authority. That made sense to me because I order a lot of things online. I clicked the link and their website looked completely normal. Because I inspect surprising phishing attacks almost every day, I was a bit skeptical and decided to open the link on my laptop. It still didn’t look suspicious at all, but I decided to use a fake credit card number just to double-check this isn’t a scam. When I received a message that the payment was approved, I realized that this is a phishing attack and was glad I didn’t use my real credit card.
2. A cyber attack using Slack: Hackers used slack to break into EA Games and stole a wealth of data by tricking an employee over Slack to provide a login token. Slack, a messaging app for business that connects people and enables information sharing, is widely used by Israeli startups. While employees use it to share data, assuming that this is a secure environment, this incident teaches us an important lesson: this app, just like many others, is vulnerable to cyberattacks and social engineering.
3. A cyber attack through your home security cameras: recently, a person connected the laptop he uses for work to his security cameras to download security footage. The cameras had a virus that infected his laptop. But that’s not all. The victim shared documents with his team members using Google Drive and Slack, also infecting their computers.
4. Evade with a click of a Captcha: It starts with what seems like an innocent email. Here is one example for a subject line: “New Sharedfile Received for BRAND“. Opening the email, it looks like the email contains several attachments and the user is requested to click a button to view them saying “BRAND uses Outlook Files to share documents securely”. Clicking it would lead to a captcha page.
Perhaps the most interesting thing about the attacks that BitDam prevented among its customer base was that most of them were leading to fake Microsoft login pages. Microsoft remains the number one target with hackers desiring to steal Microsoft user credentials.
What can we do about it?
Assuming you don’t want to be the next victim, checking if your email security vendor detects such attacks is a good way to start, but it’s certainly not enough. Of course, you should never enter your credentials to unknown websites, but this tip is quite outdated. Everyone knows they shouldn’t click suspicious links but somehow there are more successful phishing scams every day. This means someone does click them, right?
If you do come across a URL that you aren’t sure about and would like to scan for phishing before going on, you can always use this online phishing scanner that will give you a verdict in no time, letting you know if the link is a phishing scam.
Liron Barak is the CEO & Co-Founder of BitDam