After every large news-making event, we see malicious campaigns pop up quickly to ride the coattails. It is very easy for the scammers to modify their malevolent templates to match the latest headlines and prey on the emotions of users. The scams range from simple social engineering to malicious programs that promise to identify and remove infections from a machine. Below are examples of a couple of different phishing attempts we’ve discovered trying to take advantage of the WannaCry publicity.
This one attempts to look like it comes from an “Indian Computer Emergency Response Team (CERT).” A CERT is typically a group of legitimate experts tasked with responding to computer security incidents. The scammers wanted to add a feeling of legitimacy and pass off their malicious site as a government webcast. Note the suspicious link and the large inserted mail image, both of which are red flags.
This next example masquerades as the familiar security software company Symantec.
Following the hyperlink redirects readers to the fake Symantec login page pictured below. The site automatically inserted the recipient’s email address in an attempt to appear more legitimate. In addition to increased filter evasion, redirection to a different site usually allows the site to last longer before it’s removed. This example was from earlier this week, but it was still active as I created this blog.
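A mail-filter check for the pre-filled address described above, as an added example that is not AppRiver's code. It assumes the landing page receives the recipient's address through the link URL (the post does not say how the address was inserted); the recipient, hostnames and message body are constructed.

```python
import base64
import binascii
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def carries_recipient(url, recipient):
    """True if the URL embeds the address: plain, percent-encoded or base64."""
    needle, decoded = recipient.lower(), unquote(url)
    if needle in decoded.lower():
        return True
    # Try each URL component as (URL-safe) base64, restoring stripped padding.
    for token in re.split(r"[/?&#=.:]", decoded):
        if len(token) < 12:
            continue
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
        except (binascii.Error, ValueError):
            continue
        if needle in raw.decode("utf-8", "ignore").lower():
            return True
    return False

def flag_links(html_body, recipient):
    """Return (host, link text) for every link personalised to the recipient."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(urlsplit(href).hostname, text) for href, text in parser.links
            if carries_recipient(href, recipient)]

# Constructed sample: two personalised links and one ordinary link.
RECIPIENT = "jane.doe@example.org"
_B64 = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
SAMPLE_BODY = ('<a href="http://redirector.example/r?u=jane.doe%40example.org">Join webcast</a>'
               f'<a href="http://login.example/verify/{_B64}">Sign in</a>'
               '<a href="https://vendor.example/advisory">Read the advisory</a>')
```

Legitimate senders also personalise links (unsubscribe and tracking URLs), so a hit is best treated as one scoring signal alongside sender and host reputation.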
A nefarious website operator may change the site at any time from a simple phishing attempt to something much more malicious. It is important not to let curiosity get the best of you. Here at AppRiver, we use isolated test systems to perform these actions in order to gather intelligence. Our in-house team monitors incoming campaigns such as these 24/7/365. Remember that with AppRiver SecureTide filtering, you are protected against these threats as they emerge.