Thursday, April 23, 2020

APWG 4th Quarter Report 2019

Fraud and confidence schemes of the modern day: Phishing

History:

Prior to sophisticated electronics and computers, fraudsters or con men found ways with far less technical means to swindle people out of anything of value. Then came the Internet.
Phishing has its roots in the 1790's and, more recently, in the 1990's with Commodore VIC computers, AOL, credit card number thefts and the Warez community. "The Warez Scene", as it is known, was a group of people specializing in the distribution of pirated content, dating back to 1975. Phishing attempts were crude in the early days. As phishing became more prominent, criminal elements became more focused: first on selecting specific companies as targets, then on extorting top tier executives, and eventually on taking companies' technical assets (software, hardware, networks) hostage with the introduction of ransomware.

The Internet just made all of this a lot easier. In 1995 algorithm-based random credit card number generators already existed. For a more complete reading see Ed Skoudis' malware timeline, which tracks the growth of technology, industry and subterfuge. On January 2, 1996 the term phishing was posted for the first time in an AOL-related Usenet group. By September of 2003 hackers and con men had begun registering domains of popular companies; by October of 2003 PayPal users found malware delivered through clickable emails, and the Mimail virus was introduced to the public.

2004 produced another first, as email solicitations for the U.S. Presidential campaign of John Kerry came in from bogus sites in India and Texas. Phishing was now making its debut in US Presidential campaigns. Fraudsters continued to use phishing in the years that followed and found novel ways to leverage the internet: link manipulation, web site cloning, filter evasion, website forgery, covert redirects and much more.

Today APWG provides an annual report on phishing, and much of the same rings true about fraud and con men. They find a soft spot and prey on their victim. They are patient, technically smart and hungry for a win, while the rest of us are just trying, as best we know how, to avoid them at all costs.

Who is APWG?

The APWG is registered as a U.S. based 501(c)(6) corporation (a business oriented not-for-profit) as defined by the IRS internal revenue code. On its web site APWG states that it is an international coalition unifying the global response to cybercrime across industry, government, law enforcement and NGO communities.

APWG.EU, the institution's European chapter, was established in Barcelona in 2013 as a non-profit research foundation incorporated in Spain and managed by an independent board, including APWG founding directors. The STOP. THINK. CONNECT. Messaging Convention, Inc. is a US-based non-profit 501(c)(3) corporation jointly managed by APWG and the Washington, D.C.-based NCSA.

What is Phishing?

Phishing as defined by the APWG (anti phishing working group) is a crime employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes prey on unwary victims by fooling them into believing they are dealing with a trusted, legitimate party, such as by using deceptive email addresses and email messages. These are designed to lead consumers to counterfeit Web sites that trick recipients into divulging financial data such as usernames and passwords. Technical subterfuge schemes plant malware onto computers to steal credentials directly, often using systems that intercept consumers’ account user names and passwords or misdirect consumers to counterfeit Web sites.

What are the numbers?

Thousands of URLs emanating from hundreds of thousands of web sites

APWG tracks phishing sites, each of which can consist of hundreds if not thousands of URLs all leading to the same attack destination. On a quarter by quarter basis for 2019, the web sites reported for Q2 and Q3 outnumbered those reported for Q4. However, comparing Q4 2019 with Q4 2018 year over year, 162,155 vs 138,328 respectively, represents a 14.694% increase. The months of July, August and September 2019 showed the greatest increase, with roughly 80-90 thousand phishing web sites reported per month.

Greg Aaron, APWG Senior Research Fellow and President of Illumintel Inc., stated "July through October was the worst period for phishing that the APWG had seen in three years, and then phishing levels settled back down to more normal levels."

In the news: COVID-19

"Cyber-criminals are already targeting healthcare organizations—specifically hospitals—with phishing campaigns, ransomware, and other malicious acts that can adversely impact health information technology, medical response, and patient safety. As cases of the virus began to increase in the US, so too did the amount of email-based phishing campaigns referencing COVID-19." https://cyber.nj.gov/alerts-advisories/cyber-threats-cybersecurity-for-healthcare-during-covid-19

"Threat actors are targeting Small and Midsize Businesses (SMBs) with phishing emails in an attempt to deliver the Remcos remote access trojan (RAT). Aimed at SMBs that may be experiencing financial problems from COVID-19 shutdowns, the threat actor impersonates the US Small Business Administration (US SBA)." https://cyber.nj.gov/alerts-advisories/threat-actors-target-smbs-using-government-grant-phishing-emails

"After three years, the Zeus Sphinx banking trojan has resurfaced in coronavirus-themed phishing campaigns containing information on government relief payments." https://cyber.nj.gov/alerts-advisories/zeus-sphinx-banking-trojan-and-other-covid-19-financial-relief-phishing-campaigns

"Google found there were 149,195 active phishing websites in January. That number rose by 50 percent in February to 293,235 websites. Now, in March, there are 522,495—a 350 percent increase since the beginning of the year." https://www.pcmag.com/news/phishing-attacks-increase-350-percent-amid-covid-19-quarantine

"The COVID-19 pandemic has created an environment ripe for fraudulent activity, with threat actors leveraging fears of the virus to perpetrate a variety of malicious and criminal exploitation. Observed scams and fraud have included selling fraudulent personal protective equipment (PPE), hawking fake cures and tests, spreading disinformation, phishing campaigns, and other related scams. The Intelligence Bureau (IB) assesses that this activity will continue, and it will potentially pivot to leverage changing government responses to the pandemic and shifting needs for supplies. Additionally, the IB assesses that cyber-enabled crime will also evolve to prey upon the public’s need to remain updated on the stream of ever-changing COVID-19-related information and may shift from COVID-19 themed outbreak to recovery lures."  NYPD SHIELD, 04/23/20
Attribution: 4/23/20 conference call

Sectors:

The most targeted sectors for 2019 were shown in a pie chart as follows:

  • SaaS / web mail 30.80%
  • Payment card industry 19.80%
  • Financial institutions 19.40%
  • Social media 6.80%
  • E-commerce / retail 5.4%
  • Cloud storage / file hosting 3.4%
  • Telecom 3.3%

Business email compromise campaigns:

As noted by APWG: In a BEC (business email compromise) attack, a scammer targets employees who have access to company finances, usually by sending them email from fake or compromised email accounts (a "spear phishing" attack). The scammer impersonates a company employee or other trusted party, and tries to trick the employee into sending money. APWG states that attackers may prepare for weeks for such an attack inside financial systems, personnel systems and other areas likely to yield a harvest of legitimate looking emails. BEC attacks are said to cost industry billions of dollars. The amounts gained by attackers through wire transfers can be 5 to 20 times larger than those gained through gift cards, whose amounts are generally much smaller. Gift cards are said to be used as a way of laundering funds by buying physical goods that can later be sold, rather than moving the money through cryptocurrency exchanges, which is said to be another popular way of laundering money.
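As an added illustration (not from the APWG report or this post), a small Python screen for the BEC traits just described: an executive's display name paired with an address outside the company, a Reply-To that points somewhere other than the sending domain, and a sender domain one character away from the company's own. The company domain, executive directory and sample messages are all constructed for the example.

```python
"""Screen inbound mail for common BEC impersonation traits (constructed example)."""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"                      # assumed company domain
EXECUTIVES = {"pat lee": "pat.lee@example-corp.com"}     # assumed executive directory


def edit_distance_one(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    if abs(len(a) - len(b)) != 1:
        return False
    short, long_ = sorted((a, b), key=len)
    # Deleting one character from the longer string must yield the shorter one
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def bec_indicators(raw_message):
    """Return the list of BEC indicators found in one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    found = []
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        found.append("executive display name with non-directory address")
    if reply_domain and reply_domain != from_domain:
        found.append("reply-to domain differs from sender domain")
    if from_domain != COMPANY_DOMAIN and edit_distance_one(from_domain, COMPANY_DOMAIN):
        found.append("sender domain is a lookalike of the company domain")
    return found


# Constructed samples: free-mail impersonation, lookalike domain with diverted
# replies, and a legitimate internal message.
SAMPLE_FREEMAIL = "From: Pat Lee <patlee.ceo@freemail.example>\nSubject: Urgent wire\n\nNeed a transfer today."
SAMPLE_LOOKALIKE = "From: Pat Lee <pat.lee@example-c0rp.com>\nReply-To: finance@other.example\nSubject: Invoice\n\nPlease pay."
SAMPLE_LEGIT = "From: Pat Lee <pat.lee@example-corp.com>\nSubject: Lunch\n\nSee you at noon."

if __name__ == "__main__":
    for sample in (SAMPLE_FREEMAIL, SAMPLE_LOOKALIKE, SAMPLE_LEGIT):
        print(bec_indicators(sample))
```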

Schemes:

The following is a list of schemes ranked by share:

  • Gift card 62% (Google Play cards, the most requested, decreased, but eBay, Target, Best Buy, and Sephora all saw increases)
  • Direct transfer 22%
  • Payroll diversion 16%

Taken from a conference call 4/23/20.

Analysis:

Deception of others and stealing (confidence schemes, con games) is not uncommon; however, use of the internet since the 1990's has created miles of new paths to travel for those with criminal intent. Our nation has endured and is enduring hardships heretofore not contemplated (9/11, COVID-19). The duping of unsuspecting victims will continue, using these incidents and a great many others to pry money out of their hands. It is said 93% of data breaches are still caused by phishing incidents, with the cost estimated at 1.6 million dollars for mid sized companies. These incidents will continue for some time to come. Awareness training should continue as a mitigation strategy to reduce the incidents.

Update 4/23/20: Corporate email

Per today's conference call (4/23/20), thanks to everyone on the call. We are also reviewing an NYPD Shield report dated 4/20/20 and, when we have a green light, will post highlights on this page.

Selected Terms:

  • APWG: Anti-Phishing Working Group
  • BEC: business email compromise
  • SSL: Secure Sockets Layer, a standard security technology for establishing an encrypted link between a server and a client (web site)
  • SaaS: Software as a service
  • gTLD: Legacy generic top level domains, such as .com, .org, .asia, .biz
  • nTLD: New generic top level domains, examples: .work, .icu
  • ccTLD: Country code top level domains, examples: .uk, .mx
  • NCSA: National Cyber Security Alliance
  • Spear phishing: an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information
  • Whale phishing: a specific type of phishing attack that targets high-profile employees in order to steal sensitive information from a company
  • Smishing: phishing by criminals sending text messages to telephones
  • Vishing: phishing conducted in an actual telephone conversation
  • Angler phishing: fake URLs, cloned web sites, social media, etc.
