Sophisticated phishing actors target Germans with QR codes
A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process.
The actors are using a range of tricks to bypass security solutions and convince their targets to open the messages and follow the instructions.
The relevant report comes from researchers at Cofense, who sampled several of these messages and mapped the actors’ tactics in detail.
The phishing emails are carefully crafted, featuring bank logos, well-structured content, and a generally coherent style.
Their topics vary, from asking the user to consent to data policy changes implemented by the bank to requesting that they review new security procedures.
This approach is a sign of careful planning, where the actors aren’t making the typical overblown claims of account compromise and don’t present the user with an urgent situation.
If the embedded button is clicked, the victim arrives at the phishing site after passing through Google’s feed proxy service ‘FeedBurner.’
Additionally, the actors register their own custom domains that are used for these re-directions as well as for the phishing sites themselves.
This extra step aims to trick email and internet security solutions into not raising any flags during the phishing process.
The domains are newly registered sites on the REG.RU Russian registrar and follow a standard URL structure depending on the targeted bank.
In the most recent phishing campaigns, the threat actors use QR codes instead of buttons to take victims to phishing sites.
These emails do not contain clear-text URLs and are instead obfuscated through the QR codes, making it hard for security software to detect them.
QR codes are more effective because they target mobile users, who are less likely to be protected by internet security tools.
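A mail-triage check for the two delivery patterns described above (a link routed through the FeedBurner proxy, and a message that carries an image but no clear-text URL) could look like the following. This is an added example, not code from Cofense or the article; the proxy hostnames, the finding labels and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: hostnames served by Google's FeedBurner proxy (not listed in the article).
FEED_PROXY_HOSTS = {"feedproxy.google.com", "feeds.feedburner.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def triage(msg):
    """Return a list of findings for one parsed e-mail message."""
    urls, images = [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1  # candidate QR code; hand off to a QR decoder downstream
        elif ctype in ("text/plain", "text/html"):
            urls += URL_RE.findall(part.get_content())
    findings = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in FEED_PROXY_HOSTS:
            # The visible host is Google's; the real destination is only known after redirect.
            findings.append(f"feed-proxy-link {url}")
    if images and not urls:
        # Nothing for a URL scanner to inspect: the link, if any, lives inside the image.
        findings.append("image-only-no-clear-text-url")
    return findings

def sample(html, image=None):
    """Build a constructed test message (not a real campaign sample)."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content(html, subtype="html")
    if image is not None:
        msg.add_related(image, maintype="image", subtype="png", cid="<qr>")
    return msg

BUTTON_MAIL = sample('<a href="https://feedproxy.google.com/~r/constructed/~3/x">Weiter</a>')
QR_MAIL = sample('<p>Bitte scannen</p><img src="cid:qr">', b"\x89PNG constructed bytes")
PLAIN_MAIL = sample('<a href="https://bank.example/login">Login</a>')

if __name__ == "__main__":
    for name, mail in [("button", BUTTON_MAIL), ("qr", QR_MAIL), ("plain", PLAIN_MAIL)]:
        print(name, triage(mail))
```

A finding here is a reason to resolve the redirect or decode the image in a sandbox before delivery, not a verdict on its own.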
Once the victim arrives on the phishing site, they are requested to enter their bank location, code, user name, and PIN.
If these details are entered on the phishing page, the user waits for validation and is then prompted to enter their credentials again on the grounds that they were incorrect.
This repetition is a common quality tactic in phishing campaigns to eliminate typos when the user enters their credentials the first time.
No matter how legitimate an email may look, you should avoid clicking on buttons, URLs, or even QR codes that will take you to an external site.
Whenever you are requested to enter your account credentials, always remember to first validate the domain you are on before you start typing.