NEWS BRIEF
Researchers are highlighting the rise of a brand new phishing tactic: a marketing campaign that makes use of PDF paperwork to trick victims by asserting expired Amazon Prime memberships.
Customers are focused by e-mail and, after clicking on the PDFs, are taken to pages that impersonate Amazon, the place they’re urged to enter their private particulars and bank card info.
The researchers at Palo Alto Networks Unit42 who found the marketing campaign have collected 31 PDF information with hyperlinks to those phishing websites, none of which had been submitted to VirusTotal.
The chain of occasions within the phishing assault begins with the e-mail containing the PDF attachment. As soon as clicking on the hyperlink from the PDF, the sufferer is redirected from the preliminary URL to subdomains of duckdns[.]org that host the phishing web site.
“These phishing web sites use cloaking to redirect scans and different evaluation makes an attempt to benign domains,” wrote the researchers. These domains for many of the preliminary and intermediate staging URLs are hosted on the identical IP tackle.
There are 4 preliminary hyperlinks used within the marketing campaign that potential victims must be cautious of:
“The preliminary assault vector, the place customers are beguiled into opening an e-mail attachment containing a PDF file, is a stark reminder of the significance of remaining vigilant of emails,” mentioned Javvad Malik, lead safety consciousness advocate at KnowBe4, in an emailed assertion to Darkish Studying. “Emails nonetheless stay the preferred assault avenue for phishing, so it is necessary that folks have the correct schooling and instruments at their disposal to have the ability to successfully establish and report any suspicious exercise.”