After every large news-making event, we see malicious campaigns pop up quickly to ride the coattails. It is very easy for the scammers to modify their malevolent templates to match the latest headlines and prey on the emotions of users. The scams range from simple social engineering to malicious programs that promise to identify and remove infections from a machine.
Below are examples of a couple of different phishing attempts we’ve discovered trying to take advantage of the WanaCry publicity.
‘Indian Computer Emergency Response Team’
This one attempts to look like an “Indian Computer Emergency Response Team (CERT).” Typically, a CERT is a group of legitimate experts tasked with responding to computer security incidents. The scammers wanted to add a feeling of legitimacy and pass off their malicious site as a government webcast. The suspicious link and large inserted mail image are red flags.
This next example masquerades as the familiar security software company Symantec.
By following the hyperlink, readers will be redirected to a fake Symantec login page (see photo below). This site will insert the recipient’s email address to appear more legitimate. Aside from increased filter evasion, redirection to a different site typically will allow the site to last longer before it’s removed. This example, from last week, continued to be active as I created this blog.
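The two red flags in this example, a brand name that does not match the link's host and a recipient address carried in the link, can be checked mechanically when triaging a reported message. The sketch below is an added example, not AppRiver's code: the function names, the `BRAND_DOMAINS` allowlist and the sample body are constructed, and it assumes the address reaches the fake page through the link URL, which the post does not state.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Assumption: illustrative allowlist of domains each impersonated brand really uses.
BRAND_DOMAINS = {"symantec": ("symantec.com",)}
# Constructed sample body (not the campaign's actual message or URLs).
SAMPLE_HTML = ('<a href="http://portal.example.net/l?u=dXNlckBleGFtcGxlLm9yZw">Symantec login</a>'
               '<a href="https://www.symantec.com/security-center">Security Center</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def embeds_recipient(url, recipient):
    """True if the address is in the URL: plain, percent-encoded or base64."""
    needle, texts = recipient.lower(), [unquote(url)]
    for token in re.findall(r"[A-Za-z0-9_+-]{12,}", url):
        try:  # re-pad, since base64 placed in a URL often drops its '='
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
            texts.append(raw.decode("latin-1"))
        except ValueError:
            pass  # not valid base64, ignore this token
    return any(needle in t.lower() for t in texts)

def triage(html_body, recipient, from_display=""):
    """Return {href: [reasons]} for links showing either red flag."""
    collector, findings = LinkCollector(), {}
    collector.feed(html_body)
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        claim = f"{from_display} {text}".lower()
        for brand, domains in BRAND_DOMAINS.items():
            if brand in claim and not any(host == d or host.endswith("." + d) for d in domains):
                findings.setdefault(href, []).append(f"claims {brand}, links to {host}")
        if embeds_recipient(href, recipient):
            findings.setdefault(href, []).append("recipient address in link")
    return findings
```

Passing the sender's display name as `from_display` also flags unrelated links in a message that claims the brand, so treat the output as a triage hint rather than a verdict.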
A nefarious website operator may change the site at any time from a phishing attempt to something more malicious. It is important not to let curiosity get the best of you. At AppRiver, we use isolated test systems to perform these actions to gather intelligence. Our in-house team monitors incoming campaigns like these 24/7/365. AppRiver SecureTide filtering protects you against these types of threats.