The dreaded Monday. While workers are guzzling coffee to get ready for the work week, cybercriminals are ramping up to take advantage of the Monday Blues. Cybercriminals use this opportunity to flood the Internet with massive amounts of spam, phishing and malware emails in hopes of tricking unsuspecting users. This past Monday was no exception and ushered in a huge CIBC (Canadian Imperial Bank of Commerce) phishing campaign.
As you can tell from the screenshot above, the email is very crude in structure and straight to the point. Our team saw over 100 live samples of this campaign, giving us a hint of how big the push was. There was little variation between the different samples that we saw. The body remained static while the sender’s address, source IP and the URLs varied. The links contained within the emails followed a similar structure, visually appearing to be official CIBC URLs. For instance, the term “HTTPS” was injected into the fake domain name itself to fool the user into thinking the link uses a secure HTTPS connection when in fact it does not. Each URL also ends with the recipient’s email address as a suffix.
At the time of this writing, the Web links are no longer available and the sites have been taken down. On average, most phishing campaigns are only active for 24-72 hours, so the spammers can avoid being tracked by law enforcement agencies. It’s also possible that the sites were taken down by an outside entity. Our team has coded several AppRiver SecureTide rules to block these emails, which have blocked over 27,000 messages so far.
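The link traits described above (the text "https" inside the host name, a plain-HTTP scheme, the bank's name in a non-bank host, and the recipient's address appended to the URL) can be checked mechanically. The following is an added example, not AppRiver's SecureTide rule; the function names, the `cibc.com` allow-list entry and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

BRAND = "cibc"                  # brand named in the campaign
LEGIT_DOMAINS = {"cibc.com"}    # assumption: allow-list of the brand's own domain(s)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def link_indicators(url, recipient):
    """Return the set of indicator names that a single URL trips."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    hits = set()
    # The trick from the campaign: "https" written into the host name itself.
    if "https" in host:
        hits.add("https_in_hostname")
    # The real transport is not TLS, whatever the host name suggests.
    if parts.scheme.lower() != "https":
        hits.add("not_tls")
    # Brand string appears in a host that is not on the allow-list.
    on_brand = any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)
    if BRAND in host and not on_brand:
        hits.add("brand_lookalike_host")
    # Recipient address appended to the path, query or fragment (possibly %-encoded).
    tail = unquote(f"{parts.path}?{parts.query}#{parts.fragment}").lower()
    if recipient.lower() in tail:
        hits.add("recipient_in_url")
    return hits


def scan_body(body, recipient):
    """Map every URL found in a message body to the indicators it trips."""
    return {u: link_indicators(u, recipient) for u in URL_RE.findall(body)}


# Constructed sample; the fake host uses the reserved .example TLD.
SAMPLE_RCPT = "jane.doe@corp.example"
SAMPLE_BODY = (
    "Please review: http://https-cibc-online.example/login/jane.doe%40corp.example\n"
    "Official site: https://www.cibc.com/\n"
)

if __name__ == "__main__":
    for url, hits in scan_body(SAMPLE_BODY, SAMPLE_RCPT).items():
        print(url, sorted(hits))
```

Any single indicator is weak on its own; a filter would normally score the combination, since legitimate mail can also carry plain-HTTP links or a recipient token in a tracking URL.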